Computer completely hijacked, can't even boot antivirus

deleted. Didn’t notice the thread was old.

Ha! I caught someone in my carefully placed zombie trap!

No, actually, I’m really sorry about that. I reported the thread to the mods to see if they want to close it. I should have PMed Cleophus to thank him, I don’t know what I was thinking. :smack:

Heh, thanks! The thread seemed familiar when I saw it. But yeah, the manual removal guides are almost worthless for the average user because, as you saw, knowing what to remove is a big step from being able to remove it.

This. Sometimes the best approach is to start clean. My suggestion is while you have access to your internal hard drives back up all your important files. Do that first before trying all the various remedies like the ones already mentioned. The one that has worked for me more than once is Combofix because it attacks the problem in multiple ways. But I repeat my suggestion to save your files and start clean again. That’s the only way you can be sure that your computer’s OK.

OK, after getting nauseous over a few posts of OS bashing and some tripe, here are the FACTS:
Many malware programs install “watchdog” programs that “look” to see if a sister process or even the primary is running, as does the primary one. If one drops dead, the other launches it and even reinstalls it. In short, a royal PIA to kill off. They even monitor the registry and reinstall their entry when it’s manually removed. Some even install OTHER malware to keep it company, because such writers are such nice folks…
In short, you’re rather screwed. EVERY CLIENT that I’ve performed network security functions for has been advised, copy off whatever wasn’t backed up on a computer that has no autorun available. Virus scan it to the 12th pit of hell (the copy). THEN, format and reload the computer.
Restore the important documents and treat them with great suspicion.
The BEST practice is format and reload, screw the data. But, I’ve worked at corporate offices and with the government. I can’t go into detail, due to NDA issues, but recovery IS potentially possible, within a boatload of precautions (NO programs or scripts are permitted to be backed up, ever).
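The precaution in the post above (copy the documents off, scan the copy, never restore programs or scripts, and treat what comes back with suspicion) can be turned into a mechanical triage of the restore set. The script below is an added example, not the poster's own tooling: it walks a folder, refuses anything with a program or script extension or with an executable header (a file renamed to `.pdf` that still starts with `MZ` is caught by the content check), flags macro-capable Office documents for scanning, and allows the rest. The extension lists and the sample files are constructed assumptions for illustration.

```python
import tempfile
from pathlib import Path

# Restore policy: programs and scripts are never restored (constructed list).
BLOCKED_EXTENSIONS = {
    ".exe", ".dll", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js",
    ".ps1", ".msi", ".jar", ".lnk", ".hta", ".wsf", ".sh",
}
# Macro-capable document types: restore only after scanning (constructed list).
SUSPECT_EXTENSIONS = {".doc", ".xls", ".ppt", ".docm", ".xlsm", ".pptm"}


def content_looks_executable(head: bytes) -> bool:
    """Check the leading bytes rather than trusting the file name:
    'MZ' marks a DOS/PE executable, '\\x7fELF' a Linux binary, '#!' a script."""
    return head.startswith((b"MZ", b"\x7fELF", b"#!"))


def classify(path: Path) -> str:
    """Return 'block', 'suspect' or 'allow' for one candidate file."""
    ext = path.suffix.lower()
    with open(path, "rb") as fh:
        head = fh.read(4)
    if ext in BLOCKED_EXTENSIONS or content_looks_executable(head):
        return "block"
    if ext in SUSPECT_EXTENSIONS:
        return "suspect"
    return "allow"


def triage_tree(root) -> dict:
    """Classify every file under root; paths are reported relative to root."""
    root = Path(root)
    result = {"allow": [], "suspect": [], "block": []}
    for p in root.rglob("*"):
        if p.is_file():
            result[classify(p)].append(p.relative_to(root).as_posix())
    for bucket in result.values():
        bucket.sort()
    return result


def build_sample_tree() -> Path:
    """Constructed sample data folder mimicking a user's documents."""
    root = Path(tempfile.mkdtemp(prefix="restore-triage-"))
    files = {
        "letters/resume.txt": b"plain text",
        "photos/cat.jpg": b"\xff\xd8\xff\xe0",     # JPEG header
        "budget.xlsm": b"PK\x03\x04",              # zip-based macro workbook
        "update.exe": b"MZ\x90\x00\x03",           # PE executable
        "notes.txt.scr": b"MZ\x90\x00\x03",        # double extension trick
        "invoice.pdf": b"MZ\x90\x00\x03",          # renamed executable
        "backup.sh": b"#!/bin/sh\n",               # shell script
    }
    for rel, data in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return root


if __name__ == "__main__":
    report = triage_tree(build_sample_tree())
    for bucket, paths in report.items():
        print(bucket, paths)
```

The header check is deliberately in addition to the extension check: the extension list expresses policy, the header sniff catches the renamed or double-extension files that policy alone would miss. Anything in the `suspect` bucket still goes through the antivirus scan the post describes before it is restored.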

I got that attack about a month ago, and it was much nastier than the one mentioned above. I could not boot into safe mode, so the Cleophus fix wouldn’t have been an option. Note: I didn’t read the rest of the thread, just from yesterday on. I did have a linux boot sector that I could boot into. I found the suspect nasty virus from the Task Manager window as things were booting up, so I deleted it from linux. That got me back into Windows without the idiot XP Antivirus program coming up. So then clean up began.

I ran just about every free antivirus and anti malware program out there, which eventually said that the system was clean. But it had attacked my system restore points and lots of registers and who knows what else. After a week of cleaning, I actually screwed something up so my system would not boot into Windows. I gave up and took it to the computer shop down the street. On their initial scan they found over 20 still active viruses and trojans. The version of AVG that I downloaded after the attack was also infected. After working on the system for a week, the computer shop threw in the towel, wiped the disk and reinstalled Windows.

I got the scour.com redirect about a week ago. After arm-wrestling with it, I stumbled upon Kaspersky TDSSKiller which found and removed the infection.

When browsing this site I turn off JavaScript to avoid any unpleasant encounters.

Considering the usefulness of your contributions to the thread, I would assume it’s already infected with some kind of bad advice trojan. :smiley:

[Computer guy hat on]

This is overkill…

Not really intending to pick on Wizard one just highlighting for clarity.

This is the common attitude among internal IT folks: nuke it, reload it, call it a day. When you are being called into small businesses without image archives of most of the machines on their network, or working on personal machines, these users suffer immensely: loss of usability, loss of bundled applications, loss of familiar pathing to personal files, etc. are crippling to minimally skilled users. This mindset would also leave many of my customers out of business for a day and a half while we rebuilt all their application loadouts into something functional again.

Hitting such a machine with 2-3 different AV apps like combofix, malwarebytes, rkill, spybot, MSE, etc. creates a good enough assurance that the viruses in question are dead. There may be another bug or two lurking quietly, but every day they lurk makes it more likely that AV updates will be released and kill it before it deploys again.

When you are dealing with minimal PC skillsets, especially in small business, a softer touch and a little more applied brainpower is called for. It may take another hour or so and it’s around 95% effective in my experience at solving the problem, while leaving everything else exactly where it was. Especially since most of this stuff lately is just trying to phish for credit cards.

If it was up to me, nuke and reload should not be a legal answer to the question and people who give vague pseudo answers should be lined up and slapped with a trout.

Heh, rookies. Me and my guys in the shop usually have just about anything broken down within a day or two, if they spent a week dicking around with it, they are doing something wrong.