DESCRIPTION:
The Frethem-K Worm is non-destructive and memory resident. It spreads via an email attachment called "DECRYPT-PASSWORD.EXE". The attachment is usually 48,640 bytes long. The email has the subject "Your password!" and the following message body:
ATTENTION!
You can access very important information by this password.
DO NOT SAVE password to disk
use your mind
now press cancel (vetiver)
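As an added example (not part of the original write-up), the following Python sketch shows how a mail filter could check a message for the indicators described above: the subject, the attachment name and the usual attachment size. The function names and the sample message are constructed for illustration.

```python
import email
from email.message import EmailMessage

# Indicators taken from the description above.
SUBJECT = "your password!"
ATTACHMENT = "decrypt-password.exe"
USUAL_SIZE = 48640  # bytes; "usually", so size is supporting evidence only


def frethem_k_indicators(raw_bytes):
    """Return the Frethem-K indicators found in one raw RFC 822 message."""
    msg = email.message_from_bytes(raw_bytes)
    hits = []
    if (msg.get("Subject") or "").strip().lower() == SUBJECT:
        hits.append("subject")
    for part in msg.walk():
        # Compare the attachment name case-insensitively.
        name = (part.get_filename() or "").strip().lower()
        if name != ATTACHMENT:
            continue
        hits.append("attachment-name")
        # decode=True undoes base64/quoted-printable so the real size is measured.
        payload = part.get_payload(decode=True) or b""
        if len(payload) == USUAL_SIZE:
            hits.append("attachment-size")
    return hits


def should_quarantine(raw_bytes):
    # The attachment name alone is enough to hold the message; the subject
    # alone is not, because legitimate mail can carry the same subject.
    return "attachment-name" in frethem_k_indicators(raw_bytes)


def constructed_sample(subject, filename, size):
    # Constructed test message; the attachment is zero-filled, not a real sample.
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("ATTENTION!\nYou can access very important information by this password.\n")
    m.add_attachment(b"\x00" * size, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    sample = constructed_sample("Your password!", "DECRYPT-PASSWORD.EXE", 48640)
    print(frethem_k_indicators(sample), should_quarantine(sample))
```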
REMOVAL INSTRUCTIONS:
STEP 1:
- On Windows 9X/ME, press [CTRL+ALT+DEL]. On Windows NT/2000/XP, press [CTRL+SHIFT+ESC], then click on "Processes"
- Click on "Taskbar" or "Taskbar.exe". Click on "End Task" or "End Process". Close the window
STEP 2:
- Click on "Start", "Run" and type REGEDIT [ENTER]. Click on "OK"
- Delete the registry entry:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
TaskBar = %Windows%\TASKBAR.EXE
This file will be located in C:\windows on Windows 9x systems and C:\WinNT on Windows NT/2K/XP systems.
- Delete the registry entry:
HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\
TaskBar = %Windows%\TASKBAR.EXE
- Close the Registry Editor
STEP 3:
- Put your V-Buster diskette in Drive A and type "Vbuster" [ENTER]
- Use V-Buster to scan your computer. Delete all occurrences of the worm