@fubar121, the OP removed it with the online NOD32 scanner and the Registry tweaks/guide, no problem. And the person I helped the other day did it with the Registry tweaks/guide, Avira BootCD and a Malwarebytes scan, again no problem. So in fact, it is an easy piece of malware to remove. I think some people just make it much more complicated than it actually is.
Ermmm... both of you have a point... Initially it was not as easy as it is now. NOD32 wised up to it. But KIS hasn't. If KIS hasn't - imagine the many amateurs' headaches... The "on foot" search in the Registry didn't really do anything. I couldn't close/stop or delete the .exe file. It was a rather nasty s**te that would stop the PC every few minutes. Really annoying and debilitating... I was lucky that NOD32 was fast on it. Remember, on top of it all: the nasty is "mutating", the writers keep abreast of anti-malware SW - it was a newer version of the original malware... No one has yet reported the version my wife earned... It was preventing a lot of apps from starting. Windows was completely defeated! KIS couldn't even see it. Neither W7 Manager nor CCleaner could do anything to it, etc. etc.
Btw, Malwarebytes caught some leftovers, even after all NOD32 and I did... Just some registry stuff... after I deleted it all "on foot"... Additionally, rechecking: KIS and W7 Manager are scanning now, to see, after updates...
You deleted registry entries, but did you download and run rkill.com, or iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them to kill the processes? You would never have removed it without doing that. In fact I am surprised that the online scanner worked, because this thing screws around with iexplore also.
As I said, I tried it all. It didn't work. It stopped way too many apps to mention. Luckily, NOD32 Online Scanner was not only functional but also discerning! Otherwise, who knows...
Hey, this is a cool project!!! Many thanx!!! Worth supporting! I just re-checked all of the subs I got and reuploaded the six that were OK.... Ciao! P.S. Does anyone know how to get the Aussie TV subs, please? Or the US DVD ones? Missing 12. Plus one, as well as the [last] .avi... Thanx!
Actually, if you really want to get a clean removal of the malware, you should scan the hard disk by booting another machine / OS that is not running the configuration files from that hard disk. That is because most trojans / malware are working in ring0; there is no way to get the file deleted if the driver is protecting that file.
That was my worry, indeed... I thought of Avira from a USB memory stick or Hiren Boot... Which is why I ran Malwarebytes etc. afterwards... Seems clean now...
Uh, actually there is no way to check whether the hard disk is clean or not if your computer has been infected once. Those AV programs can only check for generic characteristics and cannot check for other unknown / rare characteristics. If you want to know more about rootkits, have a look at a book named "Rootkits: Subverting the Windows Kernel", and if you want to know even more about it, have a look at the Black Hat presentation notes. Some of the rootkits are known as blue pills and are not stored on the hard disk / infecting the OS; instead they could target the chips that exist on the motherboard.
I know, but I can't get that paranoid... Btw, Avira has a rootkit checker and so does KIS... Not that I trust it all 100000000000%, but it is reasonable to assume that this one is gone... Oh, re. the OpenSub proggy - I have a Launchpad profile but can NOT sign in for love or money - no clue why... Ideas???
Very rare indeed. Anyway, you can just boot from BartPE, for example, and run a scan; saves you removing the hard drive.