W32.Bofra@mm Removal Tool 1.0.1

Eliminates W32.Bofra@mm family of threats.


Quick Facts

154 KB
More votes needed
This tool was previously released as a W32.Mydoom@mm removal tool. It has been renamed to accomodate the name changes to the W32.Bofra@mm family of threats.

What the tool does

The W32.Bofra@mm Removal Tool does the following:

* Terminates W32.Bofra@mm viral processes.
* Terminates the viral thread running under Explorer.exe.
* Deletes W32.Bofra@mm files.
* Reverses the changes made to the registry by W32.Bofra@mm.

- Symantec Security Response strongly recommends that you not use the /NOFIXREG switch when running this removal tool for the first time. If the removal tool is run using this switch, you will not be able to remove the registry keys associated with this worm by running the tool again.

- Using the /MAPPED switch does not ensure the complete removal of the virus on remote computers, because:
o The scanning of mapped drives scans only the mapped folders. This may not include all the folders on the remote computer, which can lead to missed detections.
o If a viral file is detected on the mapped drive, the removal will fail if a program on the remote computer uses this file.

Therefore, you should run the tool on every computer.

- The /EXCLUDE switch will only work with one path, not multiple paths. An alternative is the /NOFILESCAN switch, which will allow the tool to alter the registry. Then, scan the computer with your antivirus product, using the current virus definitions. These steps should clean the file system.

The following is an example command line that can be used to exclude a single drive:

>"C:\Documents and Settings\user1\Desktop\FixBofra.exe " /EXCLUDE=M:\ /LOG=c:\FixBofra.txt

where the greater than symbol (>) is not part of the path.

Alternatively, the command line below will skip scanning the file system, but will repair the modifications to the registry. You should then run a regular scan of the system with proper exclusions:

>"C:\Documents and Settings\user1\Desktop\FixBofra.exe " /NOFILESCAN /LOG=c:\FixBofra.txt

The name of the log file can be whatever you choose. The name listed is for the sole purpose of this example.