AV security suite removal

Cap'n Jack

I got nailed with this one just now...

Does anyone know of a good site with instructions to remove it, or a good removal tool? It took Symantec down. Google comes up with a bunch...but I know some of the "removal tools" are really other parasites.

Thanks in advance!
 
Update- I started the computer in safe mode, ran MSCONFIG, and turned off all programs listed under the "Startup" tab. Rebooting the system gave me access to PC-cillin; it's scanning now.

Edit: Further update: PC-cillin found nothing (it's still in there). I have e-mail, but IE7 can't connect to anything.

Any suggestions for other tools?

Again, thanks in advance!
 
Did you try a System Restore?

I suppose the malware could easily delete the previous save points.
 
System restore- no good. Malwarebytes seemed to remove the program...but IE is claiming that it can't connect with HTTP, HTTPS, or FTP. E-mail seems to be working though.
 
What pseudo program does it try to run? I might have a solution for you...
 
I think it's working now...system restore finally came up and I went back before this weekend...I'm using the computer that was infected.

What a pain...

Thanks for the suggestions!
 
Be careful. A colleague of mine had a similar issue resulting from a drive-by of that trojan. It apparently made a change to the IP stack so the bugger remained after removal - it manifested itself by intercepting some web searches and attempted to re-download the trojan.

Corporate IT shut off his computer from the network (after he'd already had it reimaged by the same Corporate IT department....) and made him have it reimaged a second time (that was IT's problem, not his, but sometimes the fastest route is repetitive action). Seems that some versions of that trojan replace some of the IP DLLs and muck up the registry.

I wouldn't rely on the AV programs to eliminate it....
 
Bill- I hear you, and thanks for the advice.

Being the trojan asked me for a credit card number, one would think they could "follow the money" to whoever is writing this "software".
 