Smart Computing ® Smart Computing ®
Top Subscribe Today | Contact Us | Register Now   
middle
Home | Tech Support | Q&A Board | Article Search | Subscribe & Shop   


How To Get Rid Of… Email This
Print This
View My Personal Library
How To Get Rid Of…
Article Last Reviewed February 2005 		Add To My Personal Library


How To Get Rid Of Smash

Description

First discovered in 2000, the Smash worm usually launches on the 14th day of the month. The worm modifies .EXE and .DLL files and formats the hard disk after a reboot. The number of infections has been very low, and security firms have reported that threat containment has been effective. Because the worm caused a mild panic when it was first reported and is sometimes identified as a virus, security firm Sophos issued an advisory telling users that they were more likely to get abducted by Martians than to get hit by Smash.

How To Tell If Smash Is On Your PC

When the system day is 14 and the month is greater than or equal to six, or June, the virus activates. After it is active, the next time the computer starts the system will display a blue screen, often referred to as the Blue Screen Of Death. The screen may also contain this message while the system is hanging: "Virus Warning! Virus Name Is ‘SMASH', Project D Version 0x0A. Created And Compiled By Dormitor. Seems Like Your Bad Dream Comes True. . . ." After the blue screen is seen, the computer freezes. The malicious code is set to activate after the computer is rebooted, after freezing. Since it's common to try rebooting after freezing, users unwittingly cause the virus activation.

After that point, the virus overwrites part of the Io.sys file, causing the system to hang after a reboot and display a message of Formatting The Hard Disk. It then formats the hard drive, which can destroy all user data.

WARNING: The following section includes step-by-step information on how to edit the Windows Registry, a large database containing system and program settings that are essential to how the OS (operating system) operates. Follow Registry-editing instructions to the letter and be sure to make a backup of your Registry before you begin. (Registry errors can render your computer inoperable if you don't have a backup.) This procedure differs depending on the OS you use. For more information on backing up and editing the Registry, see these articles: "Protect Yourself" and "Register Here."

How To Get Rid Of Smash

Because the Smash worm has been so rarely reported in the wild, as opposed to a research lab, manual removal instructions have not been published by any security firms. If a perusal of the system folder uncovers Smash, contact Microsoft and security firms such as Symantec, F-Secure, and Trend Micro, since that will mean the worm is finally in the wild, rather than in research labs.

Since the virus is difficult to stop once it's activated, it's advisable to take precautions to prevent potential infection. The most effective way is to update virus signatures through a third-party antivirus software application such as those available through Norton, McAfee, or Trend Micro. Regular system scans will detect the Smash worm as well as similar threats.

By Elizabeth Millard




Want more information about a topic you found of interest while reading this article? Type a word or phrase that identifies the topic and click "Search" to find relevant Trouble Shooting articles from within our Tech Support.

Enter A Subject (key words or a phrase):
                                         




Home     Copyright & Legal Information     Privacy Policy     Site Map     Contact Us

Copyright © 2009 Sandhills Publishing Company U.S.A. All rights reserved.