MiCarl
Posted November 7, 2009

This morning I picked up a nasty that kept popping up and warning my computer was infected and did I want to scan etc. The little sucker couldn't be killed. It's known as Antivirus System Pro. It was preventing me from opening the Windows Task Manager so I could wring its filthy little neck.

Finally I logged off and back in and started the Windows Task Manager before the malware got started. I was able to kill the processes and go after the damage it caused.

Of course I was aggravated and went after it with an axe and didn't really think about documenting what I did. My best recollections here for anyone that needs to rip it out:

It had created a folder in "My Documents" named "Program Files". All its nasty executables were in there. I deleted the folder.

I use a hosts file to suppress ads. It had re-written the hosts file so it could phone home via a fake web name. I fixed the hosts file.

I used CCleaner to clean out the registry.

For anyone using a hosts file the following entries should block it from phoning home:

127.0.0.1 winwarepro.microsoft.com
127.0.0.1 winwarepro.com
127.0.0.1 www.winwarepro.com

It probably overwrites them, so you might have to re-add after an infection.

SilvrT
Posted November 7, 2009

For those who don't know, the "hosts" file is located in C:\Windows\System32\drivers\etc

If you go to Start | Run and type in "drivers" (without the quotes) and hit Enter, it takes you there and you just have to open the "etc" folder. You open the hosts file with Notepad.

If you are running any spyware such as Spybot S&D, you will see a lot of entries in there.
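
A hosts-file check for the tampering described in this thread, as an added example that is not from either poster: it parses a hosts file, reports name fields that are not bare hostnames and mappings to non-loopback addresses, and lists which of the thread's block entries are absent. The function names and the sample file are constructed for illustration; on Windows the input would be the hosts file under C:\Windows\System32\drivers\etc.

```python
import ipaddress
import re

# Block entries suggested in the thread, written as bare hostnames.
EXPECTED_BLOCKS = {"winwarepro.microsoft.com", "winwarepro.com", "www.winwarepro.com"}
# One or more dot-separated labels; a scheme such as "http://" never matches.
HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9_-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9_-]{1,63}(?<!-))*$")

def parse_hosts(text):
    """Yield (line_no, address, names) for each non-comment hosts line."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield no, fields[0], fields[1:]

def audit_hosts(text, expected=EXPECTED_BLOCKS):
    """Return (line_no, kind, detail) findings; line_no 0 means 'whole file'."""
    findings, blocked = [], set()
    for no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((no, "bad-address", addr))
            continue
        sink = ip.is_loopback or ip.is_unspecified  # 127.0.0.1, ::1, 0.0.0.0
        for name in names:
            if not HOSTNAME_RE.match(name):
                findings.append((no, "not-a-hostname", name))
            elif sink:
                blocked.add(name.lower())
            else:
                # A name pinned to a routable address deserves a manual look.
                findings.append((no, "non-loopback", f"{name} -> {addr}"))
    for name in sorted(expected - blocked):
        findings.append((0, "missing-block", name))
    return findings

# Constructed sample: one good block entry, one URL-style entry that does not
# block anything, and one name redirected to a documentation-range address.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1 localhost
127.0.0.1 winwarepro.com
127.0.0.1 http://www.winwarepro.com
203.0.113.7 winwarepro.microsoft.com
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

Running it again after a cleanup shows whether the block entries survived, which is the re-check the first post recommends after an infection.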