
Friday, October 14, 2011

System Restore - Fake AV - Rogue - How to remove



The rogue System Restore hides all files and folders and moves all shortcuts into a single folder.


So before anything else, you need to make Windows show hidden files and folders; otherwise you will not find anything on the computer.
To do this, open My Computer. In the menu click Tools - Folder Options.




Click the View tab. Scroll to "Show hidden files and folders", select this option and click OK.




Now you can see the files and folders that were hidden as a consequence of the infection.


Now open My Computer again, type trojan-killer.net into the address bar and press Enter.




On this site you will need to download Trojan-Killer.


Run and install it.




Upon completion of installation, select Launch GridinSoft Trojan Killer and click Finish.




When Trojan Killer has finished scanning your computer you will see a full list of detected malware.
Press Remove Selected to remove them.





Files created:
C:\Documents and Settings\<UserName>\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
C:\Documents and Settings\<UserName>\Desktop\System Restore.lnk
C:\Documents and Settings\<UserName>\Local Settings\Temp\2.tmp
C:\Documents and Settings\<UserName>\Local Settings\Temp\P1kAlMiG2Kb7Fz.exe.tmp
C:\Documents and Settings\<UserName>\Local Settings\Temp\P5tM1QBI6DSS92.exe.tmp
C:\ProgramData\1kAlMiG2Kb7FzP.exe
C:\Documents and Settings\<UserName>\Start Menu\Programs\System Restore\System Restore.lnk
C:\Documents and Settings\<UserName>\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
C:\Documents and Settings\All Users\Application Data\wkocffmpai
C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
C:\Documents and Settings\All Users\Application Data\wkocffmpai.exe (or opYeyfNfgoELQR.exe, MipGepTjgvGvb.exe, VeGeMHdmoTmIHU.exe, nFEDeRLYbhvow.exe, nkvdydMXkOjUTm.exe, VBiiKvMvycJo.exe, nGAJwRsisPtsC.exe, lcfPLNqtMDTx.exe, kMoUUJmEvJ.exe, beUBhsyFTRXwF.exe, mNapNprtKQL.exe, GaRJGgXVekDX.exe, SkMtEGuPVoS.exe, KpLRDMpSNRdCe.exe, EwXTzauZm.exe, FuxUSdPsKW.exe, PubpyGvxbEEjj.exe)


Registry key created:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"wkocffmpai.exe"="C:\Documents and Settings\All Users\Application Data\wkocffmpai.exe" (or opYeyfNfgoELQR.exe, MipGepTjgvGvb.exe, VeGeMHdmoTmIHU.exe, nFEDeRLYbhvow.exe, nkvdydMXkOjUTm.exe, VBiiKvMvycJo.exe, nGAJwRsisPtsC.exe, lcfPLNqtMDTx.exe, kMoUUJmEvJ.exe, beUBhsyFTRXwF.exe, mNapNprtKQL.exe, GaRJGgXVekDX.exe, SkMtEGuPVoS.exe, KpLRDMpSNRdCe.exe, EwXTzauZm.exe, FuxUSdPsKW.exe, PubpyGvxbEEjj.exe)




How to restore all hidden files and missing shortcuts after the infection?


Download and run the following tools:


GridinSoft Restore download link:
http://trojan-killer.net/download/restore.exe

GridinSoft Unhider download link:
http://trojan-killer.net/download/unhider.exe




I also recommend reading these guides:
General information about viruses and trojans
How to kill process from memory
How to remove programs from startup
How to define malicious program or not

Wednesday, September 28, 2011

Zentom System Guard - about this Fake AV


Zentom System Guard is a fake anti-virus that demands money for registration. Otherwise it bothers you with constant false alerts.




Created files:
C:\Documents and Settings\<UserName>\Application Data\<RandomSymbols>\enemies-names.txt
C:\Documents and Settings\<UserName>\Application Data\<RandomSymbols>\finc70dkk.exe (or senrmodk70.exe)
C:\Documents and Settings\<UserName>\Application Data\<RandomSymbols>\hookdll.dll
C:\Documents and Settings\<UserName>\Application Data\<RandomSymbols>\local.ini
C:\Documents and Settings\<UserName>\Application Data\Microsoft\Internet Explorer\Quick Launch\Zentom System Guard.lnk
C:\Documents and Settings\<UserName>\Desktop\Zentom System Guard.lnk
C:\Documents and Settings\<UserName>\Start Menu\Programs\Startup\Zentom System Guard.lnk
C:\Documents and Settings\<UserName>\Start Menu\Programs\Zentom System Guard
C:\Documents and Settings\<UserName>\Start Menu\Programs\Zentom System Guard\Uninstall.lnk
C:\Documents and Settings\<UserName>\Start Menu\Programs\Zentom System Guard\Zentom System Guard.lnk
C:\Documents and Settings\<UserName>\Start Menu\Zentom System Guard.lnk

Registry changes:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run "finc70dkk.exe" (or senrmodk70.exe)
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zentom System Guard
HKCU\Software\Zentom System Guard Inc\Zentom System Guard
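Both rogues above persist through the same HKCU Run key, pointing at a random-named .exe dropped under Application Data or ProgramData. The following Python example is added here and is not code from the original posts or from GridinSoft: it parses a constructed .reg-style export of that key and flags entries that run from such a drop location or carry a random-looking name. The sample export, the directory list and the name heuristic are my own assumptions, tuned to the file names listed above.

```python
import re

# Constructed sample: a .reg-style export of the HKCU Run key with one
# legitimate entry and two entries shaped like the rogue ones listed above.
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Program Files\Microsoft OneDrive\OneDrive.exe /background"
"wkocffmpai.exe"="C:\Documents and Settings\All Users\Application Data\wkocffmpai.exe"
"finc70dkk.exe"="C:\Documents and Settings\user\Application Data\x7q1\finc70dkk.exe"
'''

# Drop locations used by these rogues (assumed list); a vendor autostart rarely lives here.
SUSPICIOUS_DIRS = ("\\application data\\", "\\programdata\\", "\\local settings\\temp\\")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"')
VOWELS = set("aeiouy")

def looks_random(stem):
    """Heuristic for machine-generated names: a long run without vowels
    (digits count as non-vowels) or several lower->upper case flips."""
    run = longest = 0
    for ch in stem:
        run = 0 if ch.lower() in VOWELS else run + 1
        longest = max(longest, run)
    flips = sum(1 for a, b in zip(stem, stem[1:]) if a.islower() and b.isupper())
    return longest >= 4 or flips >= 3

def exe_path(data):
    """Strip trailing arguments: keep the value data up to and including '.exe'."""
    m = re.match(r"(.+?\.exe)", data, re.IGNORECASE)
    return m.group(1) if m else data

def triage_run_key(reg_text):
    """Return (value_name, path, reasons) for every Run entry worth a closer look."""
    findings = []
    for line in reg_text.splitlines():
        m = VALUE_RE.match(line.strip())
        if not m:
            continue  # key header, blank line or non-string value
        path = exe_path(m.group("data"))
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        reasons = []
        if any(d in path.lower() for d in SUSPICIOUS_DIRS):
            reasons.append("runs from a user-profile or ProgramData drop location")
        if looks_random(stem):
            reasons.append("random-looking file name")
        if reasons:
            findings.append((m.group("name"), path, reasons))
    return findings

if __name__ == "__main__":
    for name, path, reasons in triage_run_key(SAMPLE_REG):
        print(f"{name}: {path}\n  - " + "\n  - ".join(reasons))
```

On a live machine the same function can be fed the output of `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` instead of the constructed sample.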





To remove this rogue, go to www.Trojan-Killer.net and download Trojan-Killer.


Run and install it.




Upon completion of installation, select Launch GridinSoft Trojan Killer and click Finish.




When Trojan Killer has finished scanning your computer you will see a full list of detected malware.
Press Remove Selected to remove them.