I'm about 2 seconds from a good formatting...
There's always the restore disk that comes with the laptop.
The virus has corrupted the driver for the DD....I'm funked....or at least my wife's comp is.
Pull the HDD out of the laptop. Attach it to a clean computer that has all of the aforementioned antivirus/spyware removal software. Clean up whatever else it finds. Put the laptop HDD back in and reboot the laptop to CD. Run a Windows Repair and replace all of the system files. I'm willing to bet you it will get rid of the spyware. With all of that said, you are better off formatting and reloading the OS.
And that's how you get ants!
CD gives good advice, this is a nasty one. Haven't seen one so destructive in a while...
I just finished a complete rebuild of one of my buddy's kids' laptops..was able to get rid of everything except c:\windows\system32\drivers\adsiceys.sys...if it looks random, it is. Could delete it as a slave, and loaded registry hives as slave on clean system to clean reg, but driver would still reappear on second reboot of drive itself. Finally threw in the towel. Wish I had more time with it.
I could never get Combofix to run on this system, but it is a handy little app for rootkits as well.
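Added example, not part of the original thread: a triage script for the offline approach described above, where the suspect drive is attached to a clean system and its `system32\drivers` folder is inspected for files like the randomly named `.sys` driver. It assumes you have a baseline list of driver file names from a known-clean install of the same Windows version; the function names and the 30-day window are illustrative choices.

```python
import sys
import time
from pathlib import Path

def find_ci(parent, name):
    """Case-insensitive child lookup (a mounted NTFS volume may say WINDOWS or Windows)."""
    for child in parent.iterdir():
        if child.name.lower() == name.lower():
            return child
    return None

def drivers_dir(mount_root):
    """Locate <root>/Windows/System32/drivers on the attached (offline) drive."""
    cur = Path(mount_root)
    for part in ("Windows", "System32", "drivers"):
        cur = find_ci(cur, part)
        if cur is None:
            raise FileNotFoundError(f"{part} not found under {mount_root}")
    return cur

def triage_drivers(mount_root, baseline_names, recent_days=30, now=None):
    """Return [(name, mtime, reasons)] for .sys files that deserve a closer look."""
    now = time.time() if now is None else now
    baseline = {n.lower() for n in baseline_names}
    cutoff = now - recent_days * 86400
    findings = []
    for f in drivers_dir(mount_root).iterdir():
        if not f.is_file() or f.suffix.lower() != ".sys":
            continue
        mtime = f.stat().st_mtime
        reasons = []
        if f.name.lower() not in baseline:
            reasons.append("not in baseline")      # e.g. a randomly named driver
        if mtime >= cutoff:
            reasons.append("recently modified")    # dropped or replaced lately
        if reasons:
            findings.append((f.name, mtime, reasons))
    # Newest first: files written around the infection date surface at the top.
    return sorted(findings, key=lambda r: r[1], reverse=True)

if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: script.py <mount point of suspect drive> <baseline file, one name per line>
    names = Path(sys.argv[2]).read_text().split()
    for name, mtime, reasons in triage_drivers(sys.argv[1], names):
        print(time.strftime("%Y-%m-%d", time.localtime(mtime)), name, ", ".join(reasons))
```

A file the script flags is only a candidate for scanning; timestamps can be altered, so an unflagged file is not proof that the drive is clean.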
My suggestion is to download a Linux Live CD image, burn the image to CD, boot up from the CD and copy your data to another computer via the network (FTP works great), then scan the data, reinstall Windows and copy your data back to the original location. Since this is on a laptop, pulling the drive out of the computer may be difficult and you will need an adapter to connect it to a desktop computer. If you choose to try my suggestion, I can walk you through it step by step to help you with connecting to the other computer and copying the data. Also make sure you scan the data with virus scan software, not just anti-spyware software. AVG Free will do a great job cleaning as well.
When I dealt with this crappy virus it honked Windows to the point where a repair was useless. And this virus was only on the system for about 5 minutes by the time I got to it. You get this virus from a popup window that expands full screen and replicates your desktop and makes it look like it is scanning your computer. Once the simulated scan is complete, it reports that you have a virus and you need to install Antivirus 2009 to remove it. Well, clicking on this actually installs the virus and then you are screwed.
I ran into this on my Linux installation and started laughing at the popup as it showed me a Windows Explorer window and said my computer was infected.
This is the exact reason I have a network drive and continuous backup software for my data. I don't waste my time with these things. Wipe and reinstall.
I have cleaned literally 40-50 infections of it over the last 6+ months at my office (I support over 600 users). The best removal tool for it I have found so far is the Malwarebytes scanner - the most up to date version removes most of it. A full scan using the anti-virus program that did nothing to stop it in the first place seems to get rid of the rest of the components.
HijackThis works well too, but I don't like to recommend it to people unless they know what they are doing. You can hose your system if you remove the wrong stuff.
Remember, no one virus/malware/spyware scanner will detect and catch everything. If you think you have an infection, there are many free legitimate tools you can use - I have listed a few below. You must use common sense at all times even if you have a good virus scanner installed and are up to date on the detections. It appears that some legitimate web sites do not seem to screen their advertisers and are infecting people with this malware. If you do get the popup on your screen to run/install this fake scan, do not click on it or try to close it, simply hit Ctrl-Alt-Del and end task on the page/process. That should keep it from installing on your system.
If you have been infected, after you clean up your system and you are sure that your PC is clean again - CHANGE YOUR PASSWORDS - Especially bank passwords. If you did any online shopping on an infected PC, let your credit card company know that your card # may have been compromised and have them issue you a new card. One of the payload components of this malware is a keystroke logger. This is something that is becoming more and more common in malware attacks.
Here are some good removal tools to add to your arsenal (keep some good tools on a flash drive in case you ever suspect that you are infected. Try to keep them reasonably up to date in case you ever need them. I keep a couple installed on my PC and run a scan for the heck of it every month or so):
Spybot Search and Destroy
Malwarebytes Anti Malware
Ad-aware
Google Pack has two anti-malware products in it that you can install (note: Spyware Doctor is not free anywhere else but from this install)
TrendMicro has some good tools, including HijackThis
My final recommendation - keep some of the crap out of your network before it can get to your computer by filtering your internet connection. I use OpenDNS. I use it to block some ads, known malware sites, and phishing sites. This is far from a replacement for common sense, but it can help. I have my parents on OpenDNS too.
Hope this helps,
Dan
Last edited by evilgeek; July 10th, 2009 at 06:13 AM.
That thing looks like a monster. Reading up on it, it seems extremely destructive and also a damn good data miner.