Post by nike on Jun 25, 2011 22:20:12 GMT
In my business of computer repairs, around 95% of computers I come in contact with have virus/trojan infections. Most times the owner doesn't realize this until the computer slows down to a crawl.
Lately, there has been a rash of 'New Wave' trojans hitting the scene like Windows Registry Tool, Windows XP Repair, or Personal Shield Pro, and the list goes on and on.
Many of these trojans hide all the data in your documents folder, and some even hide all your desktop icons. There is a remedy in fact, so don't get yourselves in a panic if this happens to you.
I use 5 programs to clean all these infections up. They are as follows.....
1/ Rkill ....... It stops the running process of the trojan and in most cases, has to be run first in safe mode.
2/ Combofix .... This program is the one that removes the trojan. It must be updated before use and most times, it will tell you that on your screen. Update it and also install the Windows patch that it says it needs, then run it in normal mode. Be prepared for a fair run time. It seems to just sit there doing nothing, but rest assured, it's working.
3/ Malwarebytes AntiMalware ..... This one gets rid of any other trojans that may have accompanied the infection that Combofix has just removed. Make sure you have the latest updated version of this program, or it may leave something behind. Run a full scan with it.
4/ Unhide.exe ..... This is the program that you may need to run to 'unhide' your data files and desktop icons. Run this after the Mbam scan completes. Sometimes, Combofix or Mbam unhide the data themselves by just removing the program that hides them.
5/ SUPERAntiSpyware .... Run a full scan with this program as well. Make sure to update it first as you would with Mbam.
FOOTNOTE* You may find that in order for Combofix to run, your anti-virus will need to be turned off. I find that it's best to uninstall it in safe mode before running Combofix. You can always reinstall it after disinfecting your PC.
Combofix, Rkill, and unhide.exe are all available from www.bleepingcomputer.com.
Combofix tutorial is here .... www.bleepingcomputer.com/combofix/how-to-use-combofix
RKill is found here .... www.bleepingcomputer.com/download/anti-virus/rkill
Unhide.exe is found here .... download.bleepingcomputer.com/grinler/unhide.exe
The unhide.exe forum is here ... www.bleepingcomputer.com/forums/topic405109.html
Mbam can be found here ... www.malwarebytes.org
SUPERAntiSpyware can be found here .... www.superantispyware.com/download.html
Download them all to a USB stick, and keep them for future use. I have a special USB stick just for those programs.
If you can't clean the infection by using these tools, then a reformat / reinstall is the only other alternative. If it's been some time since your last reformat, I'd take that option if your data is accessible to backup.
The most important thing to remember before you become infected, 'cos it may happen tomorrow, you just never know, is "BACK UP REGULARLY!"
The second most important thing to remember is, "Back Up Regularly!" JUST DO IT!!!
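
Added example, not part of the original post and not the code of Unhide.exe: a PowerShell script that shows what "hidden" means at the file-attribute level for the Documents and Desktop folders the post mentions, and clears the attribute on request. It assumes the files were only marked Hidden (not deleted or encrypted); the `-Fix` switch and the choice to skip Hidden+System items are this example's own design.

```powershell
# Added example (not from the original post). Reports items in Documents and
# Desktop that carry the Hidden attribute; with -Fix it clears that attribute.
# Assumption: the files were only hidden, not deleted or encrypted.
param(
    [string[]]$Roots = @(
        [Environment]::GetFolderPath('MyDocuments'),
        [Environment]::GetFolderPath('Desktop')
    ),
    [switch]$Fix    # report-only unless -Fix is given
)

$hidden = [IO.FileAttributes]::Hidden
$system = [IO.FileAttributes]::System

$found = @(foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    # -Force makes Get-ChildItem return hidden and system items as well.
    # Hidden+System items (desktop.ini and similar) are skipped on purpose:
    # Windows hides those itself and they should stay hidden.
    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            ($_.Attributes -band $hidden) -and -not ($_.Attributes -band $system)
        }
})

"{0} hidden item(s) found" -f $found.Count
$found | Select-Object FullName, Attributes, LastWriteTime | Format-Table -AutoSize

if ($Fix) {
    foreach ($item in $found) {
        try {
            # Clear only the Hidden bit; every other attribute is preserved
            $item.Attributes = $item.Attributes -band (-bnot $hidden)
        } catch {
            Write-Warning "Could not unhide $($item.FullName): $($_.Exception.Message)"
        }
    }
}
```

Run it without `-Fix` first, after the scans have finished, to review what it would change.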