Search This Blog

20100410

Antivirus and Internet Security Solutions

As an anti-virus and internet security solution, Avira has recently been useful.

Just today, a client asked me to get rid of the dreaded Windows Rootkit virus. USing the free Avira AntiVir Rescue System LiveCD, and later, Malwarebytes Anti-Malware in Windows safe mode, I was able to complete that task within 4 hours.

Then after using CCleaner, I also found a trojan that runs at start up. The trojan was given the process name of NFIJUGARORO, yet ran an executable named ipoyamuzage.dll. This particular bug also required me to use regedit to carefully delete it.

Avira: http://www.avira.com
Malware Bytes: http://malwarebytes.org/
CCleaner: http://www.ccleaner.com/

1 comment:

Steve said...

Steps to get rid of the virus:

*Warning: the following instructions are directed to computer professionals and superusers who have had experience with regedit, burning ISO files to CDs etc. Otherwise, YMMV regarding successful results without reinstalling Windows. FWIW I take no responsibility for any damage resulting from lack of preparation. You have been warned!*

0) Read all websites carefully and then download the 3 software mentioned.
1) download and burn to CD the Avira AntiVir Rescue System
2) boot from it and choose English by clicking on the UK flag.
3) then scan your hard drive and let Avira rename the virus and its associated components.
4) when it's done, reboot & remove the CD.
5) Press F8 to get the Windows boot menu. Choose Safe Mode.
6) Install Anti-Malware, upgrade it, and run it to catch the malware.
7) Finally, use CCleaner and go to the registry screen and look for the entries marked HKLM: Run to look for empty entries i.e. without any executable associated to the process named. You might find a trojan here. It might even have a name similar to the ones I provide.
8) Click on Start: RUN and enter:
regedit

9)Make a backup of the registry.
10) Search for the trojan using the names listed by CCleaner.
11) Delete only that entry and exit from regedit.
12) Reboot Windows, and use Anti-malware to scan the hard drive again.