Virus Alert: X97M.Ainesey.C

X97M.Ainesey.C is a macro virus that infects Microsoft Excel spreadsheets, lowers the security level of Internet Explorer, and drops a file containing a Trojan on the infected computer.

Incompatible operating systems: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

When executed, X97M.Ainesey.C performs the following tasks:

  1. Generate the following files:

    • %temp%\1.reg

    • %temp%\2.reg

  2. Create the following registry keys to lower the security configuration level in Microsoft Excel 9.0 and 10.0:

    HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Excel\Security\Level = 1
    HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Excel\Security\DontTrustInstalledFiles = 0
    HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Excel\Security\AccessVBOM = 1
    HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Excel\Security\Level = 1
    HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Excel\Security\DontTrustInstalledFiles = 0

  3. Delete the following files:

    • %temp%\1.reg

    • %temp%\2.reg

  4. Create and execute the file %Windir%\MSIEXEC32.EXE.

    Attention: The MSIEXEC32.EXE file contains the W32.Ainesey.A@mm virus, and may also contain the W32.ElKern.4926 virus.

  5. Search all open Microsoft Excel spreadsheets and infect them.

  6. Search for a file named Personal.xls in the Excel startup folder, creating it if it does not exist. X97M.Ainesey.C then infects Personal.xls, so that the virus runs automatically every time a Microsoft Excel spreadsheet is opened.

The following are Symantec Security's recommendations and guidelines for eradicating X97M.Ainesey.C:

Recommendations:

  • Turn off and remove unnecessary services on the system. By default, many operating systems install unnecessary services, such as FTP servers, telnet, and Web servers. These services have long exposed many of the weaknesses that hackers use to attack computers.

  • Keep up to date with the latest patches, especially for computers that contain multiple public services and are accessible through firewalls, such as HTTP, FTP, mail, and DNS.

  • Tighten the password policy. Complex passwords make it harder for programs to crack the passwords on your computer, and they also limit the damage when a computer is compromised.

  • Configure e-mail servers to block or remove e-mail attachments that are often exploited by viruses to spread: .vbs, .bat, .exe, .pif, and .scr.

  • Isolate the infected computer to prevent the virus from spreading within your organization. Carry out a system audit and back up data.

  • Instruct employees not to open e-mail attachments unless they come from a safe and verifiable source. Also, do not execute software downloaded from the Internet unless it has been scanned by antivirus software. Browsers are no longer safe, and sometimes ordinary web browsing alone is enough to infect your computer.

Virus removal guide (Symantec)

  1. Disable System Restore (Windows Me / XP).

  2. Download the latest update for the antivirus software.

  3. Run a full system scan with the antivirus software and repair the files detected as X97M.

  4. Restore the security configuration in Microsoft Excel.
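
To support step 4, the following added example (not part of the original alert and not Symantec's tooling) scans the text of a registry export for the Excel security values the alert lists for Office 9.0 and 10.0. The function name `find_weakened` and the sample export are constructed for illustration, and the key path `...\Office\<version>\Excel\Security` is assumed from the values listed above.

```python
import re

# Values the alert says the virus writes: (Office version, value name) -> data.
WEAKENED = {
    ("10.0", "level"): 1,
    ("10.0", "donttrustinstalledfiles"): 0,
    ("10.0", "accessvbom"): 1,
    ("9.0", "level"): 1,
    ("9.0", "donttrustinstalledfiles"): 0,
}
KEY_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\([\d.]+)\\Excel\\Security\]$",
    re.IGNORECASE)
VAL_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def find_weakened(reg_text):
    """Return sorted (version, value_name, data) tuples that match the alert."""
    hits, version = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            version = m.group(1) if m else None  # any other key ends the section
            continue
        m = VAL_RE.match(line)
        if version and m:
            data = int(m.group(2), 16)
            if WEAKENED.get((version, m.group(1).lower())) == data:
                hits.append((version, m.group(1), data))
    return sorted(hits)

# Constructed sample export (hypothetical, not taken from a real infection).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Excel\Security]
"Level"=dword:00000001
"AccessVBOM"=dword:00000001
"DontTrustInstalledFiles"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Word\Security]
"Level"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Excel\Security]
"Level"=dword:00000003
"DontTrustInstalledFiles"=dword:00000000
'''

if __name__ == "__main__":
    for ver, name, data in find_weakened(SAMPLE):
        print(f"Office {ver} Excel\\Security\\{name} = {data} (matches alert)")
```

Exports written by `reg export` or Regedit in the version 5.00 format are UTF-16 encoded, so read them with `encoding="utf-16"` before passing the text to `find_weakened`.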