My friend's computer got infected with some rogue spyware that insisted he buy an antivirus program for ~$50. The pest constantly stayed at the bottom of his taskbar saying: "Warning: your computer is infected, please buy this program."
I've seen this type of virus before and started my favorite free antivirus pack: Spyware Terminator, then MWAV (Kaspersky), then CureIt (Dr.Web) and Ewido (AVG). During the scan in Windows safe mode, CureIt recognized a few files (variants), but even after their removal the virus stayed on the computer. Of the commercial antivirus solutions that I tried, Sunbelt CounterSpy detected the trojan properly:
Trojan-Downloader.Zlob.Media-Codec
a variant of SpyAxe/SmitFraud/SpywareQuake
My friend got worried, and after some research on the Internet I found the SmitfraudFix tool:
http://www.bleepingcomputer.com/files/smitfraudfix.php
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
The procedure that cleaned up the computer was pretty straightforward:
1. Turn off Windows System Restore.
2. Reboot into safe mode and run SmitfraudFix.
3. Press 2 from the options and the virus will be cured.
The application restarts the Explorer shell, kills the trojan process, and then deletes the specific virus files.
Update: One week later, during active browsing, the computer got infected again. This time, when someone tried to open a folder in Windows Explorer, an annoying alert box popped up saying: "You have a virus and you must download an antivirus application."
At least the virus name was known this time: 'Files secure', which had an entry in Add/Remove Programs. But the uninstaller's 'Next' button was disabled, so it couldn't be removed. The three-step procedure described above fixed the problem again.
Hope this will help you!
