Shockwave Trojan Information and Removal
What is the Shockwave Trojan Virus?
Remember all those warnings you hear about never opening an .exe attachment? This virus is why those warnings appear. Discovered on November 30, 2000, this virus arrives by e-mail with the subject "A great Shockwave flash movie" and the attachment "CREATIVE.EXE." Using Outlook, the trojan sends itself as an attachment to every address listed in the address book of the infected user. This Trojan also changes the filenames of all JPG and ZIP files and then moves the files to the C:\ root directory. Because Shockwave is a standard format for animation, most people will just think it's a "cute" file and open it... then the trouble starts.
How to Clean/Delete the Shockwave Trojan?
Delete the Creative.exe file from the Windows Startup folder and restart the computer. Then use the file called C:\MESSAGEFORU.TXT to manually move and rename the JPG and ZIP files that the virus changed. The virus appends the text "change atleast now to LINUX" to the filenames of these files. For example, "XXXX.ZIP" becomes "XXXX.ZIPchange atleast now to LINUX". The file C:\MESSAGEFORU.TXT logs the original location of all files, so it can be used to restore all moved files.
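The renaming half of that cleanup can be scripted. The Python script below is an added example, not part of the original write-up: it strips the appended text from JPG and ZIP files in a folder and does a dry run unless told to apply. The function names are this example's own, and it restores names only; moving files back to their original folders still depends on the list in C:\MESSAGEFORU.TXT, whose layout is not shown here.

```python
"""Strip the trojan's appended text from renamed JPG/ZIP files (names only)."""
import argparse
from pathlib import Path

SUFFIX = "change atleast now to LINUX"   # text the trojan appends (from the page)
EXTENSIONS = (".jpg", ".zip")            # file types the trojan renames (from the page)


def original_name(name):
    """Return the pre-infection filename, or None if `name` was not renamed."""
    if not name.lower().endswith(SUFFIX.lower()):
        return None
    stem = name[: -len(SUFFIX)]
    # Only touch names that end in a targeted extension once the suffix is gone.
    if not stem.lower().endswith(EXTENSIONS):
        return None
    return stem


def restore_names(folder, apply=False):
    """Plan (and with apply=True perform) the renames; return (restored, skipped)."""
    restored, skipped = [], []
    for path in sorted(Path(folder).iterdir()):
        fixed = original_name(path.name) if path.is_file() else None
        if fixed is None:
            continue
        target = path.with_name(fixed)
        if target.exists():
            # Never overwrite: a file with the original name is already there.
            skipped.append(path.name)
            continue
        if apply:
            path.rename(target)
        restored.append(fixed)
    return restored, skipped


if __name__ == "__main__":
    parser = argparse.ArgumentParser(description=__doc__)
    parser.add_argument("folder", help="folder holding the renamed files, e.g. C:\\")
    parser.add_argument("--apply", action="store_true", help="rename (default: dry run)")
    args = parser.parse_args()
    done, kept = restore_names(args.folder, args.apply)
    for name in done:
        print(("restored " if args.apply else "would restore ") + name)
    for name in kept:
        print("skipped (original name already exists): " + name)
```

Run it without `--apply` first and compare the planned renames against the entries in C:\MESSAGEFORU.TXT before changing anything.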
When viewed, the file C:\MESSAGEFORU.TXT contains the following text:
Hi, guess you have got the message. I have kept a list of files that I have infected under this. If you are smart enough just reverse back the process. i could have done far better damage, i could have even completely wiped your harddisk. Remember this is a warning & get it sound and clear... - The Penguin