Molotov AIM virus removal

The following link in a buddy profile is part of an aim virus that is currently spreading. It appears to be a variation of the BestBuy Cam virus (W32.Spybot) also noted on this site.

"lol hey guys check out http://molotov.us/itr/lmao.scr for a good laugh :)"

I have been informed that the link also appears as "http://molotov.us/itr/" and takes you to a Chappelle Show image and sound clip to provide entertainment as the virus infects your system.

If you see these in someone's profile, do NOT click the link, and if you believe you are infected, you will need to follow the removal steps and use the REMOVAL TOOL I have created.

TO REMOVE THE VIRUS:

1.) you will need to first download the removal tool, which is provided HERE.

Please do NOT select "open" when you click the link, but save it to your hard drive, preferably to your desktop so that you can find it later.

2) Run the removal tool (you may wish to try this twice if it fails the first time)

3) If the removal tool fails, please boot into Safe Mode and try running the tool in safe mode. For instructions on booting into Safe Mode, click here.

4) For manual removal of the virus files, you will need to first end the process "aim1.exe", "zzqh.exe", "lsas.exe", "taskmanage.exe", "service.exe", "winxp.exe", "download_me.exe", or "windowsupdater.exe" using DS Software's Taskill utility (click save, not Open, and save to your Desktop) and open it to see a list of running programs. Choose the process and select "Kill".

5) Now you will need to search through the hard drive for the files "aim1.exe", "zzqh.exe", "lsas.exe", "taskmanage.exe", "service.exe", "winxp.exe", "download_me.exe", or "windowsupdater.exe". These files would be hidden, and will require you to enable viewing of hidden files and folders.

To do this, click on the Tools menu in Explorer, then click Folder Options, and go to the View tab. (if you are on 98 this will be in the View menu) Now check the box next to "show hidden files and folders" and uncheck the "Hide protected operating system files" box. Now choose "apply to all folders" and click apply.

The files are usually located in C:\Windows\System or C:\Windows\System32, though it varies on computer to computer.

6) Delete "aim1.exe", "zzqh.exe", "lsas.exe", "taskmanage.exe", "service.exe", "hpztsb05.exe", "download_me.exe", "windowsupdater.exe" or "winxp.exe" if they exist.

7) Please don't forget to take the link out of your profile...the removal tool does NOT automatically clean the link, and it does NOT mean you still have the virus!

You may also want to consider downloading Spybot and Ad-Aware (yes, both) then updating and running a full system scan with each. For instructions on using them, please see HERE.

LEGAL STUFF: We are not affiliated with the makers of this virus in any way, nor are we affiliated with any anti-virus company. We merely provide this as a service for those who have been infected. We take no responsibility for any damage done by the virus or by those incorrectly following these removal steps, or those using our removal tools.

Main Page