I've gotten that shit three times in the past 3 months. It's a bitch. But I can give you the course I followed, which might not work for you if you've had it for a while. I have Vista, so if you have another OS, it might not work the same.
The first thing I do when I see the first pop-up is to immediately control-alt-delete, which will then pop up with the security options, and I select Task Manager. Go into processes, and you will see a process that first launched today, usually called "ave.exe" running. Before you hit "end-process" right-click on the entry and select "Open file location" and select enter. It will bring you to the internet temporary files directory where the command is located. Keep that window open, and return to the Task Manager, right-click on the virus file, and "end process." It's going to want to relaunch itself, so you have to be quick. When you end that process, return to the directory you opened with the virus file in it, and delete the file. Don't go anywhere, though. In the same directory, there will be another file with the same date on it, made up of various random numbers/letters/both, which is the stealth file that launched the virus to begin with. Delete that immediately as well.
Re-check the processes again to make sure it's not showing up again. The nasty part is over for the most part, but depending on how long it's been on the computer, it could have hidden itself elsewhere in your system. But if you did all steps, you will be okay.
Next step is a pain, but it's a lot simpler. You're going to find launching an *.exe file is very difficult, because the virus at some point put itself into the system and changed the file association of your *.exe files to something other than launching the program as their own root. This is extremely aggravating, and it's the one where I tell you to Google for a fix to help make *.exe files launch again, because there are several ways of doing it, many of them telling you to go to regedit, find a certain entry and alter the reg file reference. I prefer finding a *.reg file from a respected and trustworthy site, downloading it, and double-clicking on it to make the fix automatically. If you decide to go the same way as I do, put it on your desktop, because you're going to have a tough time getting into your other directories until the fix is made.
Last step. If you haven't already got Malwarebytes Anti-Malware, download it from CNET, ZDNet, or some other site. Google it, if you need to, and you'll find it. If you had run MBAM earlier, when the virus was still active, it would have altered the file, and prevented you from killing the virus. I know--I tried, and MBAM ran most of the night, only finding absolutely nothing. When it scans your system, MBAM will likely return three entries to take care of--tell it to delete them or move to the vault, and after that, you should be cleaned off.
That's it.
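
A downloaded *.reg fix like the one mentioned in the post can be read before it is double-clicked. The following is an added example, not part of the original post: a small Python audit that reports anything a .reg file does beyond restoring the stock .exe association. The function names and both sample files are hypothetical and constructed for illustration; only `HKCR\.exe` and `exefile\shell\open\command` are checked against their stock defaults.

```python
import re

# Prefixes that all resolve to the file-class tree (HKCR is the merged view).
CLASS_ROOTS = ("hkey_classes_root\\",
               "hkey_local_machine\\software\\classes\\",
               "hkey_current_user\\software\\classes\\")
# Stock default values for the two keys that decide how an .exe is launched.
STOCK = {".exe": "exefile", "exefile\\shell\\open\\command": '"%1" %*'}

def class_path(key):
    """Return the path below the class root, or None for any other key."""
    key = key.lower()
    for root in CLASS_ROOTS:
        if key.startswith(root):
            return key[len(root):]
    return None

def audit_reg(text):
    """List what a .reg file does beyond restoring the .exe association."""
    findings, path = [], None
    for line in map(str.strip, text.splitlines()):
        section = re.fullmatch(r"\[-?(.+)\]", line)
        if section:  # [KEY] creates or opens a key, [-KEY] deletes it
            path = class_path(section.group(1))
            if path is None or path.split("\\")[0] not in (".exe", "exefile"):
                findings.append("out of scope key: " + section.group(1))
                path = None
            continue
        default = re.fullmatch(r"@=(.*)", line)
        if default and path in STOCK:
            quoted = re.fullmatch(r'"(.*)"', default.group(1))
            got = re.sub(r"\\(.)", r"\1", quoted.group(1)) if quoted else default.group(1)
            if got != STOCK[path]:
                findings.append(f"{path}: default is {got!r}, stock is {STOCK[path]!r}")
    return findings

# Constructed samples, not taken from any real fix file.
CLEAN_FIX = r'''Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''
TAMPERED_FIX = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\example\\wrapper.exe\" \"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"setting"="1"
'''
```

Files exported by regedit with the `Version 5.00` header are UTF-16, so decode with `encoding="utf-16"` when reading one from disk before passing its text to `audit_reg`.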