Disabled exe files

November 12, 2011 at 17:45:19
Specs: Windows XP


November 12, 2011 at 18:30:56

Need to make sure the malware is gone...

On Windows XP:

Go to Start > Control Panel and select: Folder Options
Double-click on the Folder Options icon.
Click on the View tab.
Under the Hidden files and folders section, click:
Show hidden files and folders

Remove the checkmark from: Hide protected operating system files (Recommended)
Remove the checkmark from: Hide file extensions for known file types.

Click: OK

Now, search for the following:
C:\Documents and Settings\All Users\Application Data\privacy.exe

If it exists, rename privacy.exe to vir.com

Restart your computer.
The malware should be inactive after the restart.

If the file does not exist, that is fine also. Please proceed with the following:

Download exeHelper from one of these two places:
Save the file to the Desktop.

XP users, double-click the file to run it.

A black window should pop up
Press any key to close, once the fix is completed.

>>Please post the contents of the exehelperlog.txt in your reply.<<

[It is created in the directory where you ran exeHelper, and should also open at the end of the scan.]

Next, download RogueKiller

Save it to your Desktop.

Now, close all open windows and browsers.

XP users, double-click the file to run it.

When prompted, type 1 (Scan) and press Enter.

An RKreport.txt should appear on your Desktop.

Note: If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

>>Please post the contents of the >RKreport.txt< in your reply.<<

We will take further action based on the results of this report.

Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/Member of UNITE and the
Alliance of Security Analysis Professionals


November 14, 2011 at 00:24:41

An effective way of using a path rule is to create a default rule that prevents users from executing anything at all. You can then create other rules that allow users to execute programs found in system related paths. It is important to allow users to execute files in system related paths because otherwise Windows will not function correctly. The paths that you must permit access to are:

And the network installation path (access to msi-packages)

After that is set, ...

Now use Hash rules for specified users to further close access to programs in any of the paths you allowed in the path-rule.

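The rule layering described in the last post (default deny, path rules that allow, hash rules that close off individual programs for specific users), as an added sketch that is not part of the thread and not Windows' own implementation. The allowed paths, the share name, the user names and the use of SHA-256 are assumptions made for the example; hash rules are checked before path rules, as Software Restriction Policies do.

```python
import hashlib
import ntpath

DEFAULT_LEVEL = "Disallowed"  # default rule: nothing may execute

# Constructed sample rules; the post's own list of paths is not shown on the page.
PATH_RULES = {
    r"C:\Windows": "Unrestricted",
    r"C:\Program Files": "Unrestricted",
    r"\\fileserver\install": "Unrestricted",  # hypothetical msi share
}

def sha256(data):
    return hashlib.sha256(data).hexdigest()

# Hash rules keyed by (user, file hash); user names and content are constructed.
HASH_RULES = {("bob", sha256(b"constructed admin tool")): "Disallowed"}

def _norm(path):
    # Collapse ".." and compare case-insensitively, as Windows paths are.
    return ntpath.normcase(ntpath.normpath(path))

def evaluate(user, path, content):
    """Return (level, reason) for one execution attempt."""
    level = HASH_RULES.get((user, sha256(content)))
    if level is not None:
        return level, "hash rule"  # hash rules override path rules
    target, best = _norm(path), None
    for rule_path, rule_level in PATH_RULES.items():
        prefix = _norm(rule_path)
        # Match whole path components so C:\WindowsFake is not C:\Windows.
        if target == prefix or target.startswith(prefix + "\\"):
            if best is None or len(prefix) > len(best[0]):
                best = (prefix, rule_level)  # most specific path rule wins
    if best:
        return best[1], "path rule " + best[0]
    return DEFAULT_LEVEL, "default rule"

if __name__ == "__main__":
    tool = b"constructed admin tool"
    for user, path, content in [
        ("alice", r"C:\Windows\System32\notepad.exe", b"notepad"),
        ("alice", r"C:\Windows\System32\tool.exe", tool),
        ("bob", r"C:\Windows\System32\tool.exe", tool),
        ("alice", r"C:\Documents and Settings\All Users\Application Data\privacy.exe", b"x"),
        ("alice", r"C:\Windows\..\Temp\setup.exe", b"x"),
    ]:
        print(user, path, "->", evaluate(user, path, content))
```

Under these sample rules the `privacy.exe` location named earlier in the thread falls through to the default rule, because it sits outside every allowed path.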