Tell her to stop pr0nsurf .. WHy did she get it to begin with? Start in safemode and do a fullsearch scan using any fully updated AV and then MBAM for example or Superantispyware.
I am neither lazy, nor stupid, thanx a bunch! She got it searching for Montalbano subs on some Aussie TV website... As I said, it's the latest variant and only really good techies can know, I suppose... Why? KIS, NOD etc. are not helping at all, not seeing it all, which is a downer! KIS is updating every hour - for no apparent use right now... Can't go into safe mode... It's blocking a lot of stuff, fooling all the security SW I have, from KIS2010 to W7 Manager, Ccleaner and now I am trying NOD32 online scanner, then it will be Avira's turn and so on... I suppose I will have to try booting from USB or CD [Hiren] but the latter might not be current... The "delete the following Registry entries" advice was also useless... It's not going anywhere, sadly.... So, any REAL ideas, please?
Btw, none of it applies in the exact same manner, as it's "mutating",,, Even the names of the files are different: Process Manager in W7 Manager, as well as Windows' Task Manager [can't see anything], sees "handlerfix70700en00.exe"... and not what you see on those websites! So, deep guano, it seems... I hope erasing the partition, reformatting etc. would do, if this forum discussion doesn't...
Timesurfer i have dealt with this before you need to stop the processes running before you can even run malwarebytes.
Not so, at least in my experience. I tried and failed. Maybe it's me but I read about it a lot before I wrote about it here. As I said, the darn thing mutated in the meantime. Just as there was no easy way to sort it out initially, when it appeared, so it is rather difficult now, too... A new thing and passes KISS etc. defences... It blocks all sorts of stuff. Can't be stopped, as a process. I am still going with various tools but for now, nothing worked. It's still there after scanning, rebooting and deleting registry entries etc. My wife, unlike me, didn't have NoScript in her FF. No IE8 for me or her, mind. @ All, thank you kindly for your contributions!!! Will keep you posted...
Well, whaddya know... I stand corrected. One of them did the right thing. Sadly, it wasn't "my" KIS2010 but NOD32 Online Scanner. Found it, removed it. Rebooted. Not there! Elegant. Simple for users. As it should be...
Glad you got it worked out. I knew it wasn't that difficult to remove because I just walked someone else through removing that 2 days ago. He said he spent a week trying to remove it and after reading the info I gave him he had it gone in about an hour. He used the Avira Rescue Disk and Malwarebytes though.
I'm badly surprised by KIS on this one... Legit copy of KIS2010 let it in, didn't catch it afterwards, still doesn't see it as a problem. Bad! But if you read back a bit: I followed all the advice, deleting registry entries, unistalling etc. but is still didn't work... Dunno, maybe it was me...
my two cents Yes I had this on a work computer, the "normal" removals did not work. even after it was removed by numerous programs its just comes back. I finally had to get IT to fix it and they just said ya its bad and formated the machine. It opens 3 each off iexplorer.exe and explorer.exe, it also closes task manger on opening. I just wanted to say this to all the its an easy removal blah blah blah. This is very nasty and hard to remove.