Monday, March 30, 2009

How to remove FAKE antivirus 360

Symptoms

* Windows registry would only stay open for 10 seconds
* Windows CMD would not open
* Anti-virus and Firewall were disabled and removed
* Windows Security Center disabled – you don’t see the shield
* Browser redirected to malicious websites
* Not able to download or update ANY security products


We suggest you use Malwarebytes, which does a great job of removing most of the malicious files. Before you install Malwarebytes (or any other security software, or try to download Windows updates), you need to search for and remove the following entries; otherwise Malwarebytes (or any other security software) will not download, install or work properly:

* Winconfig.dll
* A360.exe
* Winsystems.dll
* DELETE all files in the "PREFETCH" folder


Once the above files are deleted, you can download and install Malwarebytes.

Here are the keys, data items, files and folders that you should remove:

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d263fa6d-84cc-48a8-9af6-c664362b7a5b}

HKEY_CLASSES_ROOT\CLSID\{d263fa6d-84cc-48a8-9af6-c664362b7a5b}

HKEY_LOCAL_MACHINE\SOFTWARE\UAC

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys

Registry Data Items:

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter)


Folders Infected:

A360 (Rogue.A360Antivirus)


Files Infected:

A360.lnk

Help.lnk

Registration.lnk

A360.lnk

Microsoft\Internet Explorer\Quick Launch\A360.lnk

C:\WINDOWS\system32\uacinit.dll

C:\WINDOWS\system32\UACftdrxsnm.dll

C:\WINDOWS\system32\UACpulqeavn.dat

C:\WINDOWS\system32\UACrtaxtmsn.log


After completing this scan/removal and rebooting, Malwarebytes should now be able to update automatically (and other security software, including Windows Update, should now work too).
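To confirm after the scan and reboot that the registry entries and system32 files listed above are gone, a read-only check like the following can be run from PowerShell. This is an added example, not part of the original post; it assumes PowerShell is available on the machine and writes the page's paths with their backslashes restored.

```powershell
# Added example: read-only audit of the indicators listed on this page.
# Nothing is modified or deleted. The provider prefixes (HKLM:, HKCU:,
# Registry::) are standard PowerShell notation for the hives named above.
# The .lnk shortcuts and the A360 folder are omitted because the page
# gives no full path for them.
$clsid = '{d263fa6d-84cc-48a8-9af6-c664362b7a5b}'
$regKeys = @(
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid",
    'HKLM:\SOFTWARE\UAC',
    'HKLM:\SYSTEM\CurrentControlSet\Services\UACd.sys'
)
# Each entry is (key path, value name) for the "Registry Data Items" list.
$regValues = @(
    @('HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel', 'Homepage'),
    @('HKLM:\SOFTWARE\Microsoft\Security Center', 'AntiVirusDisableNotify'),
    @('HKLM:\SOFTWARE\Microsoft\Security Center', 'FirewallDisableNotify'),
    @('HKLM:\SOFTWARE\Microsoft\Security Center', 'UpdatesDisableNotify')
)
$files = @(
    'C:\WINDOWS\system32\uacinit.dll',
    'C:\WINDOWS\system32\UACftdrxsnm.dll',
    'C:\WINDOWS\system32\UACpulqeavn.dat',
    'C:\WINDOWS\system32\UACrtaxtmsn.log'
)

function New-Finding($Type, $Item, $Data) {
    New-Object PSObject -Property @{ Type = $Type; Item = $Item; Data = $Data }
}

function Get-A360Finding {
    foreach ($k in $regKeys) {
        if (Test-Path -LiteralPath $k) { New-Finding 'RegistryKey' $k '' }
    }
    foreach ($v in $regValues) {
        $p = Get-ItemProperty -LiteralPath $v[0] -Name $v[1] -ErrorAction SilentlyContinue
        if ($p) {
            $data = $p.($v[1])   # current value data, reported for review
            New-Finding 'RegistryValue' "$($v[0])\$($v[1])" $data
        }
    }
    foreach ($f in $files) {
        # -Force so hidden or system files are still reported; Data is the size in bytes
        if (Test-Path -LiteralPath $f) { New-Finding 'File' $f (Get-Item -LiteralPath $f -Force).Length }
    }
}

$findings = @(Get-A360Finding)
if ($findings.Count -eq 0) { 'No listed indicators found.' }
else { $findings | Select-Object Type, Item, Data | Format-Table -AutoSize -Wrap }
```

An empty result only shows that these specific entries are absent; the antivirus boot scan described below is still needed.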

Installing Antivirus and a Firewall

You should now install your antivirus (this will also activate the appropriate product updates as well as Windows Security updates – you should now see the Windows Security Shield in the TASK BAR).

We use avast! – download, install and run a boot scan (it will prompt you to do this after installation) which should find these infected files:

C:\documents and settings\user\local settings\Pgmm.ltm [Trojan]

C:\DOCUME~1\user\LOCALS~1\PGMM.LTM [Trojan]

C:\WINDOWS\system32\kernel32.dll

C:\WINDOWS\system32\winsock.dll

C:\WINDOWS\system32\wsock32.dll


You will be advised to restart your PC.
