Sign up for PayPal and start accepting credit card payments instantly.
Home » Events, Science,Security and Technology, Security

Space Station Computers Infected by Worm

29 August 2008 3 Comments Add to Technorati Favorites

The laptops taken on to the International Space Station (ISS) last month carried the W32.Gammima.AG worm. A worm is a self-replicating computer program.Unlike a virus, it has the capability to travel without any help from a person. This was confirmed by NASA. The worm steals the login details for online games popular in the Far East, such as "Maple Story" and "Talesweaver."

W32.Gammima.AG first appeared a year ago. W32.Gammima.AG propagates by copying itself to removable media. It also steals passwords information related to various online games. It sends the personal data it collects back to a central server. The virus is not thought to be a threat to the control and command system, or to any ISS operations.

NASA spokeman Kelly Humphries said in a statement that this was not the first time that the ISS had been affected by malware, merely calling it a “nuisance.”

The laptops did not have any anti-virus protection or detection systems loaded, she said. They were being used to run nutrition experiment programs and gave astronauts email access. NASA believes that the worm was either loaded with software or transferred via a personal compact flash card.

NASA is investigating the problem with its Russian counterparts to see where it stemmed from and to learn what measures can be taken to prevent a repeat of the situation.

 

HOW TO REMOVE W32.Gammima.AG:

1. Temporarily Disable System Restore (Windows Me/XP).

 

In Windows XP:

1. On the Desktop, Right Click on My Computer
2. Select the System Restore Tab
3. Mark the "Turn Off System Restore" to disable and UnMark to Enable
4. Click Apply on the Bottom of the Dialog Box to save the settings.
5. A message "This deletes all existing restore points" will appear, click Yes to disable.
6. Click OK.

In Windows ME:

1. On the Desktop, Right Click on My Computer
2. Select the System Properties

3. On Performance Tab, Click File System in Advanced Settings at the bottom.
4. On Troubleshooting Tab, Mark Disable System Restore t disable or Unmark to enable.
4. Click OK
5. When asked to Restart Windows, click Yes.
   

2. Update the virus definitions of your antivirus software. If you do not have an antivirus software installed, you can download a FREE antivirus software from AVAST.com or download from downloadavastfromcnet

3. Reboot computer in SafeMode.

 

1. During BootUp process Press F8 continuously until selection appears
2. Use Arrow Up+Down to select SafeMode on the selections menu.

3. Hit Enter to proceed.
   

4. Run a full system scan and clean/delete all infected file.

5. Delete/Modify any values added to the registry.

 

1. Click Start > Run
2. Type regedit at the box

3. Click OK.
   

Navigate to and delete the following registry entry:

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

\"kava" = "%System%\kavo.exe"
   

Restore the following registry entries to their previous values, if required:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced

\Folder\Hidden\SHOWALL\"CheckedValue" = "0"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced

\"Hidden" = "2"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced

\"ShowSuperHidden" = "0"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Pocilies\Explorer

\"NoDriveTypeAutoRun" = "0×91"
   

6. Exit registry editor and restart the computer.

7. In order to make sure that threat is completely eliminated from your computer, carry out a full scan of your computer using AntiVirus and Antispyware Software. Another way to delete the virus using various Antivirus Program without the need to install can be done with an Online Virus Scanner like the Trend Micro Online Virus Scan .

 

Related Articles >>>


1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...




3 Comments »

  • » Space Station Computers Infected by Worm Software reviews, free software downloads - Free Software said:

    [...] news by admin This entry is filed under The best free software reviews. You can follow any responses to this [...]

    # 29 August 2008 at 10:59 am
  • Space Station Computers Infected by Worm said:

    [...] unknown wrote an interesting post today onHere’s a quick excerptA worm is a self-replicating computer program.Unlike a virus, it has the capability to travel without any help from a person. This was confirmed by NASA. The worm steals the login details for online games popular in the Far East, … [...]

    # 30 August 2008 at 7:32 pm
  • Brandon Scott said:

    i am only using free virus scanners like avast and avira but they seem to be great tools though*:*

    # 22 August 2010 at 1:51 am

Leave your response!

Add your comment below, or trackback from your own site. You can also subscribe to these comments via RSS.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

This is a Gravatar-enabled weblog. To get your own globally-recognized-avatar, please register at Gravatar.