RegRun vs "I love you" Trojan

RegRun easily detects and terminates the Trojan, "I love you" and all of its clones.

WatchDog will reveal changes to the registry.

Look at the list "Current User Run" and search:

MSKernel32

Win32DLL

Suspend running or even delete these entries.

Trojans also check for the WinFAT32 subkey in the following Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

If the WinFAT32 subkey key is not found, the Trojan creates it, copies itself to the

\Windows\System\ directory as WINFAT32.EXE and then runs the file from that location. If you didn't install WINFAT32, delete the entry in "Current User Run":

WinFAT32

All done!

See also: RegRun vs "Back Oriffice 2000"