View single post by OldeCrow
 Posted: Tue Feb 2nd, 2010 12:49 am
These are Smitfraud variants; this latest one doesn't require any user interaction to infect you either, you just need to visit an infected site or see an infected ad, popup, etc.

In many cases these infections combine with an older one that you may not know you have, or easily get in due to back doors left over from previous infections that were not completely removed. When this happens you frequently have to remove the HD and scan it externally, and even then often have to do a repair load of Windows XP or a fresh load of Vista/W7. These are very difficult to remove properly.

I spend my days working at a computer store doing pretty much nothing but virus removal; since this latest one hit computers we have had about a five day backup with all the infected computers!

There is a pretty tried and true method for removing these non-virus and even a few of the virus infections.

1. ComboFix in safe mode (Bleeping Computer is the proper download site for it).
2. HijackThis (free.antivirus.com/hijackthis) to remove startup items permanently.
3. LSPFix removes network stack hijacks, if you know how to use it!
4. SUPERAntiSpyware and/or Malwarebytes (their websites are pretty easy to find with Google). Malwarebytes will install in safe mode, so it's a bit better tool for early removal.
5. SDFix, an older tool that will clean up older backdoors, restore your hosts file and some other stuff (extracts to a folder on the root drive with a runme batch file). Also run in safe mode.
6. Reset registry and file permissions to defaults (older Smitfraud variants messed up user permissions, desktop settings and lots of other irritating things): SubInACL and a reset batch file. (If you can't find these on the web I can put a zip file together with some of these tools if there is any interest, PM me.)
7. Full virus scan in normal mode, if Windows will run in normal mode now.
8. Windows updates! Latest updates to IE, OE, Firefox, Thunderbird or other browser/email clients. I suggest the Adblock addon for Firefox and Thunderbird.


Of course there are a million stumbling blocks that will interrupt this list, most commonly permission hijacks that prevent you from doing registry edits and resetting desktop settings...

Just my 2c from the computer guy on his day off!
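As an added, read-only triage example (not part of the post above or any of the tools it names), this PowerShell script reports the three things steps 2, 3 and 5 of the list go on to clean: non-default hosts file entries, Run/RunOnce autostart entries, and the Winsock LSP catalog. It assumes a Windows machine with PowerShell 2.0 or later; the path-based "review" flag is a heuristic of mine, not a definitive verdict.

```powershell
# Added triage script, not from the original post. It only reads and reports,
# so you can review findings before removing anything with the tools listed.

# --- Step 5 check: hosts file ---------------------------------------------
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$suspectHosts = Get-Content $hostsPath -ErrorAction SilentlyContinue |
    Where-Object { $_ -notmatch '^\s*(#|$)' } |                   # skip comments and blank lines
    Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
# A home machine normally has only the localhost lines; anything else here
# (for example vendor or update domains pointed at 127.0.0.1) deserves a look.
"== hosts entries other than the default localhost lines =="
$suspectHosts

# --- Step 2 check: autostart entries (what HijackThis lists as O4) ---------
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
"== autostart entries =="
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }                      # PowerShell's own metadata props
        $cmd = [string]$p.Value
        # Heuristic: binaries launched from temp or profile-writable folders
        # are worth a second look; legitimate software usually lives elsewhere.
        $flag = ''
        if ($cmd -match '(?i)\\(Temp|AppData|Local Settings|Application Data)\\') {
            $flag = '   <-- review'
        }
        "{0}\{1} = {2}{3}" -f $key, $p.Name, $cmd, $flag
    }
}

# --- Step 3 check: Winsock LSP catalog ------------------------------------
# Compare the provider list against a known-clean machine. The built-in
# reset for a damaged catalog is `netsh winsock reset` (XP SP2 and later).
"== Winsock catalog (description / provider path) =="
netsh winsock show catalog | Select-String 'Description|Provider Path'
```

Run it from an elevated prompt so the HKLM keys and the hosts file are readable; redirect the output to a file if you want to compare before and after a cleanup.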