Hi Stepahn - I know this horrible pest well!
This virus has been around for quite a while (about a year) under different names, infection paths and slightly different signatures, to keep ahead of virus checkers. My brother's friend got it on his laptop, and it took me a few hours of cursing and reading the internet to get rid of it. At the time, Malwarebytes, spyware monitors, Windows Defender etc. didn't recognise it. I hate being "the computer guy" everyone comes to for help - I get all the sh*t.
It's a nasty bugger - it adds itself to various startup locations in the registry, including attaching itself to Internet Explorer or another browser to re-infect too. It also takes over *.EXE file execution, so you can't run virus checkers to remove it. It can be manually cleaned, however - its actual infection files usually reside in the User folders and have been dropped and executed in there via a Java exploit.
I got rid of it by running a program that kills all startup items and dodgy processes (search for rkill.exe), then ran a script that returned the *.EXE files back to normal in the registry. Did all this in safe mode, I think. Then I searched the registry and hard drive for the infected files. The one I had was called AVE.EXE, but it can be named differently, and the dropper file (the one responsible for downloading and re-infecting your PC) will have a random name, probably in the Sun Java folders in my case, if I remember rightly, but it may have been modified to infect differently. You can find the randomly named dropper file by searching for a file with a creation date the same as the AVE.EXE (or other common virus name it comes under) file.
I'm trying to remember back a year ago, so it's probably easier just to link you to my anandtech post when it was all fresh and to keep the facts straight: http://forums.anandtech.com/showthread.php?t=2067277 (read my second post down for more detail).
Sounds complicated, but I'd imagine there are auto cleaners out now that will do all this for you. I'd just suggest doing a search and reading about AVE.EXE and RKILL.exe to get you on the right track if other programs fail. Good luck.



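The manual clean-up the post describes has three checkable parts: the .exe file-association keys that get hijacked, the registry Run keys used for persistence, and the "find the dropper by creation time" trick. The script below is an added example written for this page, not the poster's script or any tool they mention. It assumes the sample is at `$env:USERPROFILE\AVE.EXE` (the post only says "the User folders") and that the dropper sits in the user profile or the Java folders; both are assumptions, and the `-Repair` switch is only applied when you ask for it, so the default run is read-only. Run it from an elevated PowerShell, ideally in Safe Mode as the post suggests.

```powershell
# Added example (not from the original post): audit the .exe association,
# list Run/RunOnce persistence entries, and look for files created around the
# same time as a known bad file. Default is report-only; -Repair restores the
# association values to their standard defaults.
param(
    [string]$KnownBadFile = "$env:USERPROFILE\AVE.EXE",  # assumed location
    [int]$WindowMinutes = 10,                             # +/- window for the dropper search
    [switch]$Repair
)

# 1. The .exe association as it should look on a clean system.
$Expected = @{
    'HKLM:\SOFTWARE\Classes\.exe'                      = 'exefile'
    'HKLM:\SOFTWARE\Classes\exefile\shell\open\command' = '"%1" %*'
}

Write-Host "== .exe file association =="
foreach ($key in $Expected.Keys) {
    $actual = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
    if ($actual -eq $Expected[$key]) {
        Write-Host "OK       $key -> $actual"
    } else {
        Write-Host "HIJACKED $key -> '$actual' (expected '$($Expected[$key])')"
        if ($Repair) {
            # Set-Item on a registry key writes its (default) value.
            Set-Item -Path $key -Value $Expected[$key]
            Write-Host "         restored"
        }
    }
}

# A per-user override of .exe in HKCU takes precedence over HKLM and does not
# exist on a clean system; it is a convenient place for malware to hijack
# execution without needing admin rights.
$userOverride = 'HKCU:\Software\Classes\.exe'
if (Test-Path $userOverride) {
    Write-Host "SUSPECT  $userOverride exists (not present on a clean system)"
    if ($Repair) { Remove-Item -Path $userOverride -Recurse -Force; Write-Host "         removed" }
}

# 2. Startup locations in the registry. Read through every entry; anything
#    pointing into a user profile or temp folder deserves a close look.
Write-Host "`n== Run / RunOnce entries =="
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($k in $RunKeys) {
    if (-not (Test-Path $k)) { continue }
    Write-Host $k
    (Get-ItemProperty -Path $k).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { "    {0,-30} {1}" -f $_.Name, $_.Value }
}

# 3. Find the randomly named dropper: files whose creation time is within
#    $WindowMinutes of the known bad file, under the user profile and the
#    Java folders (assumed locations, per the post).
Write-Host "`n== Files created near $KnownBadFile =="
if (Test-Path $KnownBadFile) {
    $t    = (Get-Item $KnownBadFile).CreationTime
    $from = $t.AddMinutes(-$WindowMinutes)
    $to   = $t.AddMinutes($WindowMinutes)
    $roots = @(
        $env:USERPROFILE,
        "$env:ProgramFiles\Java",
        "${env:ProgramFiles(x86)}\Java"
    ) | Where-Object { $_ -and (Test-Path $_) }

    Get-ChildItem -Path $roots -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $from -and $_.CreationTime -le $to } |
        Sort-Object CreationTime |
        Select-Object CreationTime, Length, FullName |
        Format-Table -AutoSize
} else {
    Write-Host "Known bad file not found; pass -KnownBadFile with the path you identified."
}
```

The creation-time search is deliberately wide (a ten-minute window, recursive over the whole profile) because the dropper and the payload are written by the same exploit session and will be close together, while the dropper's name tells you nothing. Check the association keys first: if `exefile\shell\open\command` has been redirected, every `.exe` you launch, including your cleaner, runs through the malware, which is exactly why the post has to kill processes with rkill before anything else works.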

