
Space Station Computers Infected by Worm

29 August 2008

The laptops taken on to the International Space Station (ISS) last month carried the W32.Gammima.AG worm. A worm is a self-replicating computer program. Unlike a virus, it can travel without any help from a person. This was confirmed by NASA. The worm steals the login details for online games popular in the Far East, such as "Maple Story" and "Talesweaver."

W32.Gammima.AG first appeared a year ago. It propagates by copying itself to removable media. It also steals password information related to various online games and sends the personal data it collects back to a central server. The virus is not thought to be a threat to the control and command system, or to any ISS operations.

NASA spokesman Kelly Humphries said in a statement that this was not the first time that the ISS had been affected by malware, merely calling it a “nuisance.”

The laptops did not have any anti-virus protection or detection systems loaded, she said. They were being used to run nutrition experiment programs and gave astronauts email access. NASA believes that the worm was either loaded with software or transferred via a personal compact flash card.

NASA is investigating the problem with its Russian counterparts to see where it stemmed from and to learn what measures can be taken to prevent a repeat of the situation.

 

HOW TO REMOVE W32.Gammima.AG:

1. Temporarily Disable System Restore (Windows Me/XP).

 

In Windows XP:

1. On the Desktop, Right Click on My Computer
2. Select the System Restore Tab
3. Mark "Turn Off System Restore" to disable it, or unmark it to enable it.
4. Click Apply on the Bottom of the Dialog Box to save the settings.
5. A message "This deletes all existing restore points" will appear, click Yes to disable.
6. Click OK.

In Windows ME:

1. On the Desktop, Right Click on My Computer
2. Select the System Properties
3. On Performance Tab, Click File System in Advanced Settings at the bottom.
4. On Troubleshooting Tab, Mark Disable System Restore to disable or Unmark to enable.
5. Click OK
6. When asked to Restart Windows, click Yes.

   

2. Update the virus definitions of your antivirus software. If you do not have antivirus software installed, you can download free antivirus software from AVAST.com or from CNET.

3. Reboot computer in SafeMode.

 

1. During BootUp process Press F8 continuously until selection appears
2. Use Arrow Up+Down to select SafeMode on the selections menu.

3. Hit Enter to proceed.

   

4. Run a full system scan and clean/delete all infected files.

5. Delete/Modify any values added to the registry.

 

1. Click Start > Run
2. Type regedit at the box

3. Click OK.

   

Navigate to and delete the following registry entry:

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"kava" = "%System%\kavo.exe"

   

Restore the following registry entries to their previous values, if required:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\"CheckedValue" = "0"

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"Hidden" = "2"

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"ShowSuperHidden" = "0"

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDriveTypeAutoRun" = "0x91"

   

6. Exit registry editor and restart the computer.

7. To make sure the threat is completely eliminated from your computer, carry out a full scan using antivirus and antispyware software. Another way to remove the virus, without installing an antivirus program, is to use an online virus scanner such as the Trend Micro Online Virus Scan.
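
An added example, not part of the original article: a read-only Python check that parses a text `.reg` export and reports every value matching the registry entries listed in step 5, so the cleanup can be verified before and after. The sample export and its `C:\WINDOWS\system32` path are constructed, and treating the listed values as the state to flag is an assumption based on the instruction to restore them.

```python
import re

ANY = object()  # page says delete this entry outright, so any data is a hit
CV = r"\software\microsoft\windows\currentversion"
ADV = "hkey_current_user" + CV + r"\explorer\advanced"
# (lower-cased key, lower-cased value name) -> data listed on the page
INDICATORS = {
    ("hkey_current_user" + CV + r"\run", "kava"): ANY,
    ("hkey_local_machine" + CV + r"\explorer\advanced\folder\hidden\showall",
     "checkedvalue"): 0,
    (ADV, "hidden"): 2,
    (ADV, "showsuperhidden"): 0,
    ("hkey_current_user" + CV + r"\policies\explorer", "nodrivetypeautorun"): 0x91,
}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg_export(text):
    """Yield (key, name, data) from .reg export text; dword data becomes int."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key is None or not m:
            continue  # header, blank line, or a value type not handled here
        name, data = m.groups()
        if data.lower().startswith("dword:"):
            data = int(data[6:], 16)
        elif data.startswith('"') and data.endswith('"'):
            data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escapes
        yield key, name, data

def audit(text):
    """Return (key, name, data) for every value that matches the page's list."""
    hits = []
    for key, name, data in parse_reg_export(text):
        want = INDICATORS.get((key.lower(), name.lower()))
        if want is ANY or (want is not None and data == want):
            hits.append((key, name, data))
    return hits

# Constructed sample export (not from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"kava"="C:\\WINDOWS\\system32\\kavo.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"ShowSuperHidden"=dword:00000000'''
```

Exports written by regedit are typically UTF-16, so decode the file to text before passing it to `audit`.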

 
