Παρασκευή 9 Ιανουαρίου 2009
Πέμπτη 8 Ιανουαρίου 2009
Τρίτη 6 Ιανουαρίου 2009
Problem with Malware "boot.com", "recycled", "Trojan:Win32/Alureon.gen", "DNSChanger.gen", "videosoft"
Here’s the REAL way to clean this off your system. You should do these steps after a fresh reboot or in safe mode.
1) Navigate to the problem drive(s) via the Explore option.
2) Click on TOOLS -> FOLDER OPTIONS
3) Click the button which says ‘Show hidden files and folders.
4) UNCHECK the following boxes:
Hide extensions for known file types
Hide protected operating system files
5) Find and delete the autorun.ini file and the resycled folder on the root directory of all affected drives.
6) Check “c:\windows\system32\dllcache” for boot.com file and delete it if present.
7) Check “c:\windows\prefetch” for boot.com file and delete if present. You can Delete all files.
8) Delete all files from c:\windows\temp
(Some files may not delete, that’s ok, they’re in use by the system and not virus files.)
9) Delete all files from c:\Documents and Settings\[USER PROFILE]\Local Settings\Temp
(Again, a couple files may not delete, don’t worry.)
10) Run Regedit
11) Make sure you are at the very first entry of the registry hive. (y Computer should be hilighted) then click EDIT -> FIND
12) Search for “boot.com”. If it finds an entry, delete it. Keep hitting F3 until you’ve deleted all instances of boot.com in the entire registry.
13) Scroll the left column back up to the top and highlight the My Computer again at the top of the registry hive.
14) Click Edit -> Find again and search for ‘resycled’ and repeat as in step 13, deleting the entries as it finds them. (I found 2 of each)
15) Close registry editor and try opening the infected drives. They should work now.
16) Download updates version of Malwarebytes' Anti-Malware from http://www.malwarebytes.org/ and scan your system.