A quick note on a clients system that pickup up BankerFox.A and Nuqel.E trojans plus a bunch of porn pop ups.
These were very clever trojans, disabling just about anything you need to run to remove them. The also ran in memory, so once you removed them, they wrote themselves back into the system.
After numerous tries of the different posts out there on the internet, the following is what I found that work for this client.
There are post that tells you to use the Spy Hunter package, they may work but you have to pay for the software.
All of the posts that I found on the internet as of Nov 10/2009 did not work, I tried a number of them.
The free solution that I used to remove was as follows.
I used SmitFraudFix v2.423 (WinXP, Win2K), (http://siri.geekstogo.com/SmitfraudFix.php) and the free home edition of
Avast 4.8 ( http://www.avast.com/eng/download-avast-home.html )
Put the system in to safe mode and run SmithFraudFix. Run the Avast 4.8 after, it will detect the trojan in memory and ask to do a restart to do a memory scan on startup. Ok this and let it do the scan. Once it finds the trojans, do a delete.
Once is it finished, it will restart. Instead of letting it restart in regular mode so that it can continue with a regular scan. Power the system down before it restarts. Restart it back into safe mode and do another full scan with Avast.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment