My USB Flash drive is infected by Worm@W32.Resik. That’s definitely sure because of these reasons:

1. When I checked my USB Flash drive, it already contains a folder named “Recycled” which also contains two hidden files: Voinfo.dll and Driveinfo.exe.
2. When I used this drive during my blogging job today, the updated Norton anti-virus warned me that an infected file was found at the Flash drive.

So, how did I know that the said drive is infected by Worm@W32.Resik?

Well, Worm@W32.Resik is the worm that creates the two hidden files: Voinfo.dll and Driveinfo.exe and placed it into the hidden folder it created in flash drive named “Recycled”, including the Driveinfo.sdc. The autorun.inf is also created and placed at the root directory of the flash drive. In the Windows system folder, it also creates inetsrv.exe.

All these files are all found in my PC and flash drive.

I also checked the Windows registry if it was altered by this worm. And I found out that the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\inetsrv entry was added. This entry makes sure that eveytime the Windows system is rebooted, the inetsrv.exe found in the Windows system will be automatically activated.

How to remove this worm from our PC system?

We have two approaches in removing this worm from our PC system. (1) Using PC Security software like Norton of Symantec, PC Security Shield, or any updated software. (2) Removing Manually.

In manually removing this worm:

1. first we need to boot the PC to a safemode of Windows.
2. Open the registry (click START, then click RUN, type REGEDIT and click OK.
3. On the Registry Editor, look for the entry which contains “inetsrv” (press ctl-f, type inetsrv and clickOK)
4. Delete all entries that contains inetsrv.ex.
5. Repeat step 3 and 4 until it will prompt you that the files are not found, which means that the entries that contain “inetsrv” are all deleted.
6. Change the View option of the Windows explorer to “View All”, for us to view hidden files.
7. Search for the files created by this worm as mentioned above and delete them all.
8. After these, restart the PC and boot it to normal.

Note: This kind of worm according to the Symantec was discovered last January 2007 and is called by Symantec as W32.Resik.A.

• Sign up for PayPal and start accepting credit card payments instantly.
  As the world's number one online payment service, PayPal is the fastest way to open your doors to over 150 million member accounts worldwide.
• Promote your product to high quality, targeted websites and blogs.
  Find effective, influential blogs and highly targeted audiences to advertise.Choose to display your ad across entire blog networks to maximize your exposure to a wide audience.