W32.Antinny Removal Tool is designed to remove infections of the following threats:
· W32.HLLW.Antinny
· W32.HLLW.Antinny.E
· W32.HLLW.Antinny.G
· W32.Antinny.K
· W32.Antinny.Q
· W32.Antinny.AX
· Trojan.Sientok
· Trojan.Exponny

If you are on a network or have a full-time connection to the Internet, such as a DSL or cable modem, disconnect the computer from the network and Internet. Disable or password-protect file sharing, or set the shared files to Read Only, before reconnecting the computers to the network or to the Internet.

Because this worm spreads by using shared folders on networked computers, to ensure that the worm does not reinfect the computer after it has been removed, Symantec suggests sharing with Read Only access or by using password protection.

If you are removing an infection from a network, first make sure that all the shares are disabled or set to Read Only.

W32.Antinny Removal Tool was not designed to run on a Novell NetWare server. To remove this threat from a NetWare server, first make sure that you have the current virus definitions, and then run a full system scan with the Symantec antivirus product.

Note for network administrators: If you are running MS Exchange 2000 Server, we recommend that you exclude the M drive from the scan by running the tool from a command line, with the Exclude switch.

Usage:
· Close all the running programs.
· If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
· If you are running Windows Me or XP, turn off System Restore
· Locate the file that you just downloaded.
· Double-click the FxAntiny.exe file to start the removal tool.
· Click Start to begin the process, and then allow the tool to run.
· Restart the computer.
· Run the removal tool again to ensure that the system is clean.
· If you are running Windows Me/XP, then reenable System Restore.
· If you are on a network or if you have a full-time connection to the Internet, reconnect the computer to the network or to the Internet connection.
· Run LiveUpdate to make sure that you are using the most current virus definitions

When the tool has finished running, you will see a message indicating whether the threat has infected the computer. The tool displays results similar to the following:
· Total number of the scanned files
· Number of deleted files
· Number of repaired files
· Number of terminated viral processes
· Number of fixed registry entries

The Removal Tool does the following:
· Terminates the associated processes
· Deletes the associated files
· Deletes the registry values added by the threat

The removal tool does not modify the upload folder configuration of Winny. We recommend that you remove the upload folder configuration of Winny and find out what information was leaked from the compromised computers.
· Open Explorer.
· Go to Tools Menu > Folder Options > View.
· Click Show hidden files and folders.
· Find a folder that contains a Winny program.
· Open Upfolder.txt in the folder.
· Find out and write down "Path=" line in the txt. The path must be set as an upload folder for Winny.
· Delete "Path=" line if you do not need it.
· You can find out which files are uploaded to the Winny network.