PDA

View Full Version : w32.mantibe


caleb_yee
23-08-03, 14:57
W32.Mantibe is a virus that attempts to spread itself through floppy disks. The existence of the file C:\w12.txt is an indication of a possible infection. This threat is written in the Microsoft Visual Basic programming language.

Nowadays u dont use floopy much,but who knows....u got that prank..

When W32.Mantibe runs, it does the following:

Displays a graphic the first time that it runs.

Copies itself to the %System% folder using the same file name as that of the executed file.

NOTE: %System% is a variable. The virus locates the System folder and copies itself to that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

Copies itself as A:\Beso.jpg.exe.

Adds the following value:

"Mantis"="%System%\<the file name of the virus copy>

to the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run

so that the virus runs each time you start Windows.

May create two temp files:
C:\Ascii.txt
C:\w12.txt

Pretty hard to be detected by some AV too..

How to deal...
1.Disable System Restore (Windows Me/XP).
2.Update the virus definitions.
3.Run a full system scan and delete all the files detected as W32.Mantibe.
4.Delete the value that was added to the registry.

Alright,if ya had a problem,try to view the Virus removal text i upload.More info there.

caleb_yee
23-08-03, 14:59
Here read it when u need it.
Virus Removal Text (http://www.tombraiderforums.com/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=9;t=003986)