Smart Computing ®

How To Get Rid Of…
Article Last Reviewed February 2005


How To Get Rid Of AnnaKournikova

Description

The AnnaKournikova virus, which first appeared in August 2000, reached full steam by February 2001. This virus/worm (also called Onthefly and SST) uses Visual Basic programming code to infect Windows systems when a user unwittingly opens an email attachment that seems to promise a graphic image of Russian tennis star Anna Kournikova. When launched, the attachment does not display a picture of Anna Kournikova; instead, it runs a Visual Basic script that forwards a copy of itself to every address in the infected user's Microsoft Outlook address book. For reference, Visual Basic script is a powerful programming language used to quickly and easily create programs that run on a variety of Windows platforms.

The AnnaKournikova virus spreads itself via email with a modus operandi similar to the notorious Love Letter virus of a year earlier. Its success was attributed to a combination of social engineering (the promise of a glimpse of a sexy tennis star) and the "double-extension deception," in which recipients are tricked into opening the malicious attachment because the file appears without its .VBS extension. Instead of looking like AnnaKournikova.jpg.vbs, the virus appears to the user as AnnaKournikova.jpg: an innocuous picture image. This happens when the Hide File Extensions For Known File Types option is turned on in Windows, a common default setting.

The ability to mail itself to a large number of Internet users classifies this virus as a worm. The virus apparently does not damage the systems it infects and is just one of many viruses that attack computer systems via email attachments.

How To Tell If AnnaKournikova Is Present On Your PC

The virus typically arrives as an email with the subject line, "Here you have, ;o)," with "Hi: Check This!" in the message body, and with the attached file AnnaKournikova.jpg.vbs. (That is the virus itself.)
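The double-extension deception and the mail indicators described above can be checked mechanically at a mail filter. The following is an added example, not code from the article or from any product it mentions; the function names and the two extension lists are assumptions, and the check is generalized from the single AnnaKournikova.jpg.vbs filename to any decoy-plus-executable extension pair.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Assumed, non-exhaustive lists: extensions Windows executes vs. ones users read as harmless.
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".scr", ".pif", ".bat", ".cmd", ".com", ".exe"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".bmp", ".png", ".txt", ".doc", ".pdf", ".mp3"}
# Indicators quoted in the article.
KNOWN_SUBJECT = "Here you have, ;o)"
KNOWN_ATTACHMENT = "annakournikova.jpg.vbs"

def _suffixes(filename):
    # Strip whitespace padding that can push the real extension out of view.
    return [s.strip().lower() for s in PureWindowsPath(filename.strip()).suffixes]

def is_double_extension(filename):
    """True when the last (real) extension is executable and the one before it is a decoy."""
    s = _suffixes(filename)
    return len(s) >= 2 and s[-1] in EXECUTABLE_EXTS and s[-2] in DECOY_EXTS

def shown_name(filename):
    """What Explorer displays with 'Hide File Extensions For Known File Types' on."""
    return PureWindowsPath(filename.strip()).stem

def scan_message(raw):
    """Return one finding per deceptive attachment in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    subject = str(msg.get("Subject", "")).strip()
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if name and is_double_extension(name):
            known = subject == KNOWN_SUBJECT and name.strip().lower() == KNOWN_ATTACHMENT
            findings.append({"attachment": name, "shown_as": shown_name(name),
                             "matches_article_indicators": known})
    return findings

def build_sample(subject, body, attachment_name):
    """Constructed message for the demo (not a captured sample); the payload is inert text."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"inert placeholder", maintype="application",
                     subtype="octet-stream", filename=attachment_name)
    return m.as_string()

if __name__ == "__main__":
    print(scan_message(build_sample(KNOWN_SUBJECT, "Hi: Check This!", "AnnaKournikova.jpg.vbs")))
```

A file such as report.v2.jpg or setup.exe is deliberately not flagged: the check targets only names whose visible part ends in a harmless-looking extension while the real one is executable.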

Because AnnaKournikova makes changes to the Windows Registry, you need only check the Registry for specific entries to determine whether the virus is already on your PC. To open the Registry Editor, click Start and Run. In the Open box, type regedit and click OK. Expand the HKEY_USERS\DEFAULT\SOFTWARE key and look for the following entries:

HKEY_USERS\DEFAULT\SOFTWARE\OnTheFly

HKEY_USERS\DEFAULT\SOFTWARE\OnTheFly\mailed=(1 for yes)

In addition, the virus leaves the file AnnaKournikova.jpg.vbs in the C:\WINDOWS directory. Using Windows' built-in search utility via the Start menu, you can run a quick scan of the C:\WINDOWS directory for AnnaKournikova.jpg.vbs to determine whether the file is present.

How To Get Rid Of AnnaKournikova With Spybot-Search & Destroy

Launch Spybot Search & Destroy and make sure it is up-to-date by clicking the Update button and following the on-screen instructions. (This requires a live Internet connection.) Once the program is up-to-date, click the Search & Destroy button to automatically search for malware such as AnnaKournikova.jpg.vbs. When Spybot Search & Destroy finds the file on your computer, it creates a listing under the Problem heading and automatically includes a check in the corresponding checkbox. Scroll through the results to make sure the program didn't identify any legitimate programs as problems; if you find any of these, simply uncheck the corresponding checkboxes. Click the Fix Selected Problems button to have the program remove the unwanted file(s).

WARNING: The following section includes step-by-step information on how to edit the Windows Registry, a large database containing system and program settings that are essential to how the OS (operating system) operates. Follow Registry-editing instructions to the letter and be sure to make a backup of your Registry before you begin (Registry errors can render your computer inoperable if you don't have a backup). This procedure differs depending on the OS you use. For more information on backing up and editing the Registry, see these articles: "Protect Yourself" and "Register Here."



How To Get Rid Of AnnaKournikova Manually

The first step in getting rid of this insidious virus is performing a manual check of your system. Because this worm creates the file AnnaKournikova.jpg.vbs in the Windows system folder (C:\WINDOWS or C:\WINNT, depending on the operating system), the presence of this file confirms that you are infected with this worm. Delete the file in the Windows system folder and the two aforementioned Registry entries to remove the virus.

Now that you have removed the virus, empty the Recycle Bin and restart your computer. Lastly, run up-to-date antivirus software to ensure that any remnants are removed.

by Douglas Schweitzer








Copyright © 2009 Sandhills Publishing Company U.S.A. All rights reserved.