Archive for the ‘Virus-SpyWare-Security’ Category
I had an incident on my portable laptop where a video update foist attempt occurred. Malwarebytes flagged: C:\ProgramData\boost_Interprocess.
- Remove “Video Update Recommended” pop-up (Virus Removal Guide)
- BleepingComputer.com – has many of the tools you need for cleanup
Yikes, when will these guys quit and get a real job? This one hides your files and makes it hard to recover.
- Ran TDSSKiller – nothing detected
- Ran MalwareBytes – detected a list of things – deleted
  - Indirect link to offline download of threat database here
  - Direct link to threat database download here
- Found SMART HDD removal instructions at this point
- Ran unhide.exe and the computer returned to normal operation with a few icons missing from the start menu
More stuff showed up on my personal machine. Yuk. rootkit.0access.h
Additionally, when using the method I used, it breaks the net connection. I fixed all. Sequence follows.
- TDSSKiller – I had to run and reboot several times. I also may have run Malwarebytes in between. Should have kept track better! This was because first I used an older version as I was being blocked by the virus. After I ran it I was able to connect and get the updated version which found more stuff.
- Malwarebytes – had to run this 2 or 3 times to come up clean. After this my net connection was broken.
- XP, Vista, Win7 Network Registry keys - I double-clicked on netbt.reg as referred to on the page that took me to the reg keys – network was still not restored
- Farbar Service Scanner FSS - I ran FSS to find out what network function was not working. It came back with AFD.sys service not running.
- AFD.reg - I clicked on the AFD.reg key included in the XP registry keys. I then rebooted. After that my net connection was back.
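A read-only check of the two driver services named in the steps above (AFD and NetBT), as an added example that is not part of the original post. It assumes Windows PowerShell 2.0 or later, and the function name `Test-NetDriverService` is hypothetical.

```powershell
# Added example (not from the original post): report whether the kernel-driver
# services named in the post, AFD and NetBT, are registered and running.
# Read-only: it changes nothing. Test-NetDriverService is a hypothetical name.
function Test-NetDriverService {
    param([string[]]$Name = @('AFD', 'NetBT'))

    foreach ($svc in $Name) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
        # Registry entry the service control manager loads the driver from
        $reg = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        # Live state as WMI reports it (Win32_SystemDriver covers kernel drivers)
        $drv = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='$svc'" -ErrorAction SilentlyContinue

        New-Object PSObject -Property @{
            Service   = $svc
            KeyExists = [bool]$reg
            ImagePath = if ($reg) { $reg.ImagePath } else { $null }
            StartMode = if ($drv) { $drv.StartMode } else { 'missing' }
            State     = if ($drv) { $drv.State } else { 'missing' }
            Running   = [bool]($drv -and $drv.State -eq 'Running')
        }
    }
}

# Fix the column order, since a hashtable does not preserve it
$report = Test-NetDriverService |
    Select-Object Service, KeyExists, ImagePath, StartMode, State, Running
$report | Format-Table -AutoSize

# Call out anything that would leave the network stack down
$broken = @($report | Where-Object { -not $_.Running })
if ($broken.Count -gt 0) {
    Write-Warning ("Not running: " + (($broken | ForEach-Object { $_.Service }) -join ', '))
}
```

A row with `KeyExists` false points at a missing registry entry, which is the case the .reg files in the steps above restore; a row with the key present but `State` not `Running` points at the driver failing to start.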
Spyware / virus leapt onto my machine somewhere! The following worked on my desktop.
- Instructions using multiple tools here
- What are the symptoms?
- OTL – Old Time Lister
- TDSSKiller - a rootkit remover tool – http://support.kaspersky.com/downloads/utils/tdsskiller.zip
- How to use ComboFix
- ESET online scanner
This process seems to have worked.
On my laptop I had a similar redirector. After I used the above tools, Internet Explorer would not work. For that I used the following tool. This worked.
- Microsoft Malicious Software Removal Tool – downloaded and ran – found 1 item and removed it
- Microsoft – Live OneCare Scan – Get a free PC safety scan
- Microsoft Security Essentials downloaded and ran – found and eliminated Tool:Win32/Cmdow
| Item | Notes | Resolution |
| --- | --- | --- |
| 5 severe issues found | | |
| TrojanDownloader:Win32/Zlob.gen!BM | c:\documents and settings\user01\local settings\temp\djdt1g9i.exe | File DELETED |
| 1 High issue found | | |
| 1 Medium issue found | | |
| Tool:Win32/Cmdow | c:\documents and settings\user01\my documents\downloads\windows xp pro.iso | File Deleted |
– deleted Java cache – most of the infections in applets?