This might be the first time I am posting a computer cleanup instruction on this blog, but I feel compelled since several people around me have been complaining about a common set of symptoms hitting their computers recently. I thought I could share some steps that a colleague took to successfully clean an infected system.
DISCLAIMER:
This post is for informational purposes only. It shares some steps performed on an infected system to fix a computer virus matching the symptoms described in the Description section of this post. I don't know the name of the virus at this time. And, please don't go and modify the registry unless you know what you are doing.
Description:
A system virus automatically redirects Internet Explorer to a site that requests the purchase of an anti-virus product. Task Manager becomes blocked and inaccessible.
Solution:
Part I
* Boot the infected system and, at the BIOS screen, press [F8] (before Windows displays)
* Select “Safe Mode”
* Log in with the local administrator account
* Start, Run, Type MSCONFIG, and click OK
* Open Windows Explorer, invoke the file property view, and select “Show hidden files..”
* Look for a strange file type without much detail that points directly to a user profile, under the application directory, e.g. “Documents and Settings” > “User Profile”…..
* Deselect the file and write the file name down. This will prevent it from launching during startup.
* Reboot into Safe Mode again.
* Log in as the local Administrator account.
* Browse to “Documents and Settings” > “User Profile”….. and search for the file name written down in the previous step.
Part II
* On a separate computer, download ATF-Cleaner
http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25
* Copy ATF-Cleaner.exe to a USB drive so that you can move it onto the infected system
* Copy ATF-Cleaner.exe to the desktop of the infected system
* Double-click and run ATF-Cleaner.exe
* Click “Select and Delete All”
* Now review the search results and delete the directory where the file is contained.
* Open Regedit and export a copy of the registry
* Select Edit > Find and search for the file.
* Delete the file reference key
* Reboot
* Log in to Windows in normal mode and test
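
The registry search in Part II can also be run against the exported .reg file on a separate computer before anything is deleted. The Python below is an added example, not part of the original post: it assumes a Regedit version 5 text export and the Windows XP profile layout the post describes, and the sample export and the file name example123.exe are constructed for illustration.

```python
import re

# Run / RunOnce keys in any hive (the entries MSCONFIG's Startup tab lists).
AUTORUN_RE = re.compile(r"\\currentversion\\run(?:once)?$", re.I)
# User-writable folders under a profile, XP-era layout as described in the post.
PROFILE_RE = re.compile(
    r"\\documents and settings\\[^\\]+\\(?:application data|local settings)\\", re.I)
# "name"="data" or @="data"; other value types (dword:, hex(2):) are skipped.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Yield (key, value_name, data) for each string value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name = unescape(m.group(1)) if m.group(1) else "(Default)"
            yield key, name, unescape(m.group(2))

def review(text, filename):
    """Return (profile_autoruns, references) for the file name noted in Part I."""
    autoruns, refs = [], []
    needle = filename.lower()
    for key, name, data in parse_reg(text):
        if AUTORUN_RE.search(key) and PROFILE_RE.search(data):
            autoruns.append((key, name, data))
        if needle in name.lower() or needle in data.lower():
            refs.append((key, name))
    return autoruns, refs

# Constructed sample (hypothetical example123.exe); real exports are UTF-16 files.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"example123"="\"C:\\Documents and Settings\\User\\Application Data\\example123.exe\" /s"

[HKEY_CURRENT_USER\Software\Example123]
"Path"="C:\\Documents and Settings\\User\\Application Data\\example123.exe"
'''

if __name__ == "__main__":
    print(review(SAMPLE, "example123.exe"))
```

The first list shows startup entries that launch from a user profile regardless of name; the second shows every key that mentions the file name written down in Part I, which is the set to review in Regedit.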
Monday, February 01, 2010