Quick fix for thatTxLobo wrote:in reference to this..
I had a fun one at the start of the week that I had not run into before..
the computer would flash up that IE had been blocked by Microsoft Security Essentials due to being infected with a Win32 Trojan. Would I like to clean the infection?
I isolated the box and played with it for a bit.. if you agree to the "cleaner" it opens and starts searching for ANY anti virus/malware removal program that you have on your computer and will delete it.
Ended up I had to run rkills to stop the hidden processes, then I was able to install a fresh copy of Malwarebytes.. (if you tried to use the existing one, it would tell you it was infected and block it from running) .. Then you were able to clean the machine.
the trojan drops a file with the same name as a microsoft NT update called "hotfix.exe"
I use Malwarebytes, combofix and follow up with a separate independent scan from Eset.
A. Reboot in safe mode w/ networking
B. run msconfig, in there you will see a program with a really funky name, and it will be running from a "temp" dir, uncheck/disable it
C. Reboot in safe mode w/ networking (the program/services no longer running) update all anti-virus/malware, run what you can (sometimes they wont run in safe mode)
D. Reboot regular, re-run...you should be clean
Apply the hosts thing I have been posting about...my cousin keeps infecting her computer by doing facebook and junk...put that hosts entries in there..clean as a whistle for quite some time now.