System Security 2011 - it is fake antivirus. Only money ransom.
C:\Documents and Settings\<UserName>\Application Data\GRRFB8olDViWCkC\System Security 2011.ico (It's random folder name)
C:\Documents and Settings\<UserName>\Application Data\dwme.exe
C:\Documents and Settings\<UserName>\Application Data\ldr.ini
C:\Documents and Settings\<UserName>\Desktop\System Security 2011.lnk
C:\Documents and Settings\<UserName>\Local Settings\Temp\1.tmp
C:\Documents and Settings\<UserName>\Local Settings\Temp\dwme.exe
C:\Documents and Settings\<UserName>\Start Menu\Programs\System Security 2011\System Security 2011.lnk
C:\WINDOWS\system32\D888oFB8lEViW6j.exe (It's random file name)
Registry edit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gXX5yhmP4tnLrI28234A" = "C:\WINDOWS\system32\D888oFB8lEViW6j.exe"
"PDVV8olDViWCuQh" = "C:\Documents and Settings\<UserName>\Application Data\dwme.exe"
Random key names.
To remove this rogue go to the website www.Trojan-Killer.net and download Trojan-Killer.
Run and install it.
Upon completion of installation, select Launch GridinSoft Trojan Killer and click Finish.
When the Trojan Killer will look on your computer you will see a full list of detected malware.
Press the Remove Selected to remove them.
I hope this guide helps you :)
No comments:
Post a Comment