DALnet Exploits Team Pages

Massads Closers Services Abuse Open Proxy Exploits Cybercafe

Ident FAQ
Windows Ident
Macintosh Ident
Unix Ident
Microsoft ICS
Proxies & Firewalls
Routers
Security Check
Akill Information
Specific Fixes
Contact Us

TROJAN : Insult-media
AKILL CODES : [ma/insultmedia], [exp/insult]

The instructions below are for the removal of the 'Insult Media' trojan from computers running Windows 95,98, 98se and ME. Windows NT and Windows 2000 users should adapt the procedure as necessary for their operating system.

Step 1 : Disconnect from the internet and reboot your computer.

Step 2 : Press the [ctrl], [alt] & [del] keys together to bring up the windows task manager.

Step 3 : Look for a program by the name of Insultmedia.exe or regsv.exe. If you find one, click on it and use 'End Task' to close it down.

Step 4 : Using 'Find files & folders' on the start menu, search for all occurrences of regsv.exe on your disk and delete them. The trojan will normally be found in c:\windows but can occur elsewhere. When finished, close the find files box.

Step 5 : From the start menu, select run. Enter 'regedit' into the box provided and hit return.

Step 6 : Go to the Edit option on the menubar and choose 'Find'. Enter regsv.exe in the dialogue box and hit return. Delete all keys containing regsv.exe. Normally, these will be the following :

\HKEY_CURRENT_USER\Software\Mirabilis\Agent\Apps\icqrun
\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices\regsv

Step 7 : Close regedit and reboot your PC.

The trojan has now been removed from your PC.

Disclaimer & Warning

Removing this trojan involves editing the system registry.

Incorrect registry editing can seriously damage your windows installation, possibly rendering your machine unable to restart. While we take all possible care when compiling these instructions, neither DALnet, it's staff nor the hosts of this page can accept liability for any damage or loss caused in any way by your use of this information or any inaccuracies therein. You are strongly advised to backup all important data and to verify such backups before following these instructions.

© DALnet IRC Network 2002.
DALnet treats copyright violation extremely seriously.
You are expressly forbidden to copy, mirror or otherwise duplicate the content, style or look and feel of these pages without express written permission from an authorized DALnet official. Copyright violators will be dealt with severly.