This is a special alert from The Funny/Alerts Newsletter. A serious new virus is currently spreading across the Internet, infecting machines and even removing anti virus software. The "Goner" virus —also called WORM_GONE.A or W32/Goner@MM— should be taken seriously by both corporate and home users.
Have you been hit? If so, here are the instructions for removing it. This involves editing your computer's Registry and if you are not comfortable with that (we wouldn't blame you) then you should take these instructions to a professional. If you do undertake this task, follow these instructions exactly!
As always, backup up your hard drive before making any changes!
High-risk virus! Don't be a "goner"
GONE.A, WORM_GONER.A, I-Worm.Goner, Gone, W32/Goner@MM, Win32.Goner.A@mm, W32/Goner.ini, W32/Goner-A, Pentagone Description:
This destructive, memory-resident worm is a Visual Basic-compiled Windows executable that propagates via email using Microsoft Outlook and through ICQ.
It finds certain files in memory and then terminates the processes of these found files. Thereafter, it executes its destructive payload of deleting files.
** Manual Cleaning on Windows 95/98/Me Systems:
1}Reboot the computer.
2} Before the startup logo appears, press F8.
3} Choose the “Command prompt only” option.
4} Go to the %System% directory. %System% is variable. It is usually located at C:\Windows\System.
5} At the command prompt, type the following command then hit the Enter key:
attrib -s -h -r gone.scr
6} Type the following command and then hit the Enter key to delete the Worm file:
7} Restart the computer.
8} Double click the following:
9} Look for the following registry entry and then delete it:
10} Delete all files named REMOTE32.INI in your mIRC folders.
11} Either delete or restore from backup the file MIRC.INI.
** Manual Cleaning on Windows NT/2000 Systems:
1} Kill all running instances of the worm in the task manager. Look for applications named "pentagone" and for processes named "gone.scr". Kill these processes.
2} Scan your system with Trend Micro antivirus and delete all files detected as WORM_GONE.A. To do this Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro’s free online virus scanner.
3} Remove the registry key: HKLM\Software\Microsoft\Windows\CurrentVersion\ Run\%System%\gone.scr
4} Delete all files named REMOTE32.INI in your mIRC folders.
5} Either delete or restore from backup the file MIRC.INI.
Please take a prudent level of minimum due care.