
Saturday, September 7, 2013

A week of bad luck: I will concentrate on the virus elimination side. ZeroAccess rootkit, Malwarebytes, ESET NOD32, System Center Endpoint Protection 2012, Windows Defender


A tomin guy became abusive towards me, as he got treated the same way by his Arnie?

A check-out lady refused to serve me because her line only does 12 items, not 15.

Life: struggle or adventure?

Anyway, this is a tech blog... about a virus on Windows 7.

Last week was the week of one particular piece of malware, the ZeroAccess rootkit.

How it got in: Java 6 (an out-of-date Java browser plug-in).

Microsoft Security Essentials got hit hard... virtually destroyed (if you use it as your anti-virus).

Symptoms: you cannot download files from the internet, you cannot open file attachments, you cannot install MSE, AVG, Avast etc.,
and your IP will get blacklisted because the machine sends spam.

The Windows Defender service does not work, the Windows Update service does not work, and I don't think BITS or the firewall service work either. Here is a reference:
http://forums.majorgeeks.com/showthread.php?t=263189

Things to do
1/ http://kb.eset.com/esetkb/index?page=content&id=SOLN2895&locale=en_US
Use the ESET NOD32 kill tool;
Malwarebytes may not kill everything.

2/ Repair the Windows Defender service. I followed an internet post and copied the Windows Defender directory from a good PC to the infected PC.
That worked for one infected PC, but it still was not enough for another infected PC.


3/ I fixed Windows Defender on one PC, but the Windows Update service still refused to run, AVG reported "driver not found", Avast reported an RPC error, and System Center 2012 Endpoint Protection would install but report an error on reboot (MpClient missing etc.).

4/ Eventually I pulled the notebook hard drive out, put it in a USB enclosure, and scanned it with System Center 2012 Endpoint Protection from another machine.
It found and removed this:
Trojan:WinNT/Necurs.A is a trojan that prevents a large number of security applications from functioning correctly.
It is a member of the Trojan:Win32/Necurs family, and may be dropped by other variants of the family or rogue security software, such as Rogue:Win32/Winwebsec.

System Center Endpoint Protection detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.


Items:
file:F:\Windows\System32\drivers\bde26f3e184345c0.sys

filelocalcopy:\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{B7231402-7DBB-4D8F-A8E6-FB3EB42FFF40}-bde26f3e184345c0.sys



Once the .sys was removed, boom... everything came back to life. (Scanning the drive from another machine works because the rootkit's kernel driver is not loaded, so it can neither hide its files nor block the scanner, which is why steps 1 to 3 on the live system kept failing.)
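Here is a PowerShell triage script I am adding as a worked example of steps 1 to 4 above; it is not from the original post and not part of any of the products named. It checks the services the post lists (standard Windows 7 service names: WinDefend, wuauserv, BITS, MpsSvc, BFE), hunts System32\drivers for a driver like bde26f3e184345c0.sys (a 16-hex-character name, normally without a valid Authenticode signature), and, when pointed at the offline disk in a USB enclosure, loads that disk's SYSTEM hive to show which kernel service entry points at the driver so the file and its service can be removed together. The script name Triage.ps1 and the drive letter F: are assumptions; it needs an elevated prompt.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
# Live mode:    .\Triage.ps1
# Offline mode: .\Triage.ps1 -OfflineRoot F:    (infected disk attached via USB enclosure)
param([string]$OfflineRoot = '')

# Standard Windows 7 service names for the components the post says stop working.
$SecurityServices = @{
    'WinDefend' = 'Windows Defender'
    'wuauserv'  = 'Windows Update'
    'BITS'      = 'Background Intelligent Transfer Service'
    'MpsSvc'    = 'Windows Firewall'
    'BFE'       = 'Base Filtering Engine (the firewall depends on it)'
}

# Step 1 (live system only): state and start type of each security service.
function Test-SecurityServices {
    foreach ($name in $SecurityServices.Keys) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc -eq $null) {
            "{0,-10} MISSING                 {1}" -f $name, $SecurityServices[$name]
            continue
        }
        $wmi = Get-WmiObject Win32_Service -Filter "Name='$name'"
        "{0,-10} {1,-8} start={2,-8} {3}" -f $name, $svc.Status, $wmi.StartMode, $SecurityServices[$name]
    }
}

# Step 2: flag drivers whose name is 16 hex characters (like bde26f3e184345c0.sys)
# or whose Authenticode signature is not Valid. Works on the live %SystemRoot%
# or on the offline disk's Windows directory.
function Find-SuspectDrivers {
    param([string]$WindowsDir = $env:SystemRoot)
    $driverDir = Join-Path $WindowsDir 'System32\drivers'
    Get-ChildItem -Path $driverDir -Filter '*.sys' -ErrorAction SilentlyContinue | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        $randomName = [bool]($_.BaseName -match '^[0-9a-fA-F]{16}$')
        if ($randomName -or $sig.Status -ne 'Valid') {
            $signer = ''
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            New-Object PSObject -Property @{
                Path       = $_.FullName
                Bytes      = $_.Length
                Modified   = $_.LastWriteTime
                SigStatus  = $sig.Status
                Signer     = $signer
                RandomName = $randomName
            }
        }
    }
}

# Step 3 (offline disk only): load the offline SYSTEM hive and list the kernel
# services whose ImagePath references a flagged driver. The hive is unloaded
# again in the finally block; [gc]::Collect() releases the provider's handles
# so that reg.exe unload does not fail with "access denied".
function Get-OfflineDriverServices {
    param([string]$WindowsDir, [string[]]$DriverNames)
    $hive = Join-Path $WindowsDir 'System32\config\SYSTEM'
    & reg.exe load 'HKLM\OfflineSYS' $hive | Out-Null
    try {
        # Use the control set the offline install actually boots from.
        $sel = Get-ItemProperty 'HKLM:\OfflineSYS\Select'
        $cs  = 'ControlSet{0:D3}' -f [int]$sel.Current
        Get-ChildItem "HKLM:\OfflineSYS\$cs\Services" | ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            if ($p.ImagePath) {
                foreach ($d in $DriverNames) {
                    if ($p.ImagePath -like "*$d*") {
                        New-Object PSObject -Property @{
                            Service = $_.PSChildName; ImagePath = $p.ImagePath; Start = $p.Start
                        }
                    }
                }
            }
        }
    } finally {
        [gc]::Collect()
        & reg.exe unload 'HKLM\OfflineSYS' | Out-Null
    }
}

if ($OfflineRoot -eq '') {
    Test-SecurityServices
    Find-SuspectDrivers | Format-Table Path, SigStatus, RandomName, Modified -AutoSize
} else {
    $win = Join-Path $OfflineRoot 'Windows'
    $suspects = Find-SuspectDrivers -WindowsDir $win
    $suspects | Format-Table Path, SigStatus, RandomName, Modified -AutoSize
    $names = $suspects | Where-Object { $_.RandomName } | ForEach-Object { Split-Path -Leaf $_.Path }
    if ($names) { Get-OfflineDriverServices -WindowsDir $win -DriverNames $names | Format-Table -AutoSize }
}
```

Two caveats. First, Get-AuthenticodeSignature on PowerShell versions older than 5.1 does not consult security catalogs, and most in-box Windows 7 drivers are catalog-signed rather than embedded-signed, so they show up as NotSigned; treat the signature column as a hint, compare NotSigned entries against a clean machine, and treat the 16-hex-character name as the stronger signal. Second, live mode on an infected machine is only useful for confirming the broken services: the rootkit hides its files and blocks security tools while its driver is loaded, which is exactly why the post's offline scan succeeded where the on-box tools did not, so the offline mode is the one to use for the actual hunt.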


Here is a hardware tip.

The battery on a Lenovo SL510 notebook showed "not charging", and the battery icon on the front of the case was flashing orange. On examination, the battery was installed but the latch was not in the locked position.
The answer is to lock the battery latch; then everything is back to normal.

This weekend had better be a good one.


1 comment:

  1. I've used AVG security for a couple of years now, and I'd recommend this antivirus to everyone.
