Tuesday, September 14, 2010

SecuritySuite malware removal

OK, so I've seen two computers horribly riddled with the effluent created by this virus/malware and, since it's a really tough problem to resolve, I wanted to make some notes for others who might be struggling to fix this problem.


First off, it's best to restart the computer in Safe Mode, preferably disconnected from the network/internet, to lessen the likelihood that the computer will reinfect itself in the process. Starting the computer in Safe Mode is done by pressing the F8 key as Windows is starting (you may see a logo or similar as the computer starts; you can press F8 any number of times until the boot menu appears).


Once started, it's useful to have another healthy computer connected to the Internet to get hold of some useful programs. Additionally, a USB flash drive on which to store said programs is a great idea.


One of the first programs to get is called RKill. This little gem kills malware processes and gives you a chance to get on and fix the problems without the malware preventing you from making any progress. Copy this program onto the desktop of the infected computer from your USB flash drive and run it. Be sure to copy the program itself and not just create a shortcut.


Once this is done, get hold of another program called HiJackThis. This is a slightly less user-friendly program, but it's very good at scanning the computer to indicate what's running and what's where. Again, put the installer for this program on the desktop of the infected computer and get ready to install. This is the point at which you'll need to enable the Windows Installer Service to run in Safe Mode, which it doesn't do by default; take a look at the previous post for instructions on that. Be aware that changing things in the registry is dangerous and you may cause problems if you do it wrong. Always make a backup of the registry by exporting the whole thing before making changes.


Once you're able to run the HiJackThis installer, run a scan (you can save a log which you can post to support sites, where other technical people can help you identify problems). More to come... now I must wrestle another infected computer to the ground and give it shots...
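As an added example (not from the original post), here is a PowerShell script that does the precautions above before you touch anything by hand: it confirms the machine actually booted into Safe Mode, exports the HKLM and HKCU hives to a timestamped backup folder, and reports the state of the Windows Installer service. The backup folder path is an assumed placeholder (point it at the USB flash drive); run it from an elevated PowerShell prompt.

```powershell
# Added example: pre-flight checks and a registry backup before manual cleanup.
# Assumed placeholder: the backup folder below (e.g. the USB flash drive letter).
$BackupRoot = 'E:\RegistryBackup'

function Test-SafeMode {
    # Windows sets SAFEBOOT_OPTION to 'Minimal' or 'Network' only when booted into Safe Mode.
    return -not [string]::IsNullOrEmpty($env:SAFEBOOT_OPTION)
}

function Backup-Registry {
    param([string]$Destination)
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $dir = Join-Path $Destination $stamp
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    # reg.exe exports one root key per call, so export the two hives that matter separately.
    foreach ($hive in 'HKLM', 'HKCU') {
        $file = Join-Path $dir "$hive.reg"
        & reg.exe export $hive $file /y | Out-Null
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path $file)) {
            throw "Export of $hive failed; do not proceed with registry edits."
        }
    }
    return $dir
}

if (-not (Test-SafeMode)) {
    Write-Warning 'Not in Safe Mode (SAFEBOOT_OPTION is unset). Reboot with F8 first.'
}

$backupDir = Backup-Registry -Destination $BackupRoot
Write-Host "Registry hives exported to $backupDir"

# The Windows Installer service does not start in Safe Mode by default (see the previous post).
$msi = Get-Service -Name msiserver -ErrorAction SilentlyContinue
if ($null -eq $msi) {
    Write-Warning 'Windows Installer service (msiserver) not found on this system.'
} else {
    Write-Host "Windows Installer service status: $($msi.Status)"
}
```

Keep the exported .reg files off the infected machine (on the flash drive) so they survive if the cleanup goes wrong; double-clicking a .reg file merges it back.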


Tony

