Part 1: How to clean my computer of viruses? How to remove rogue antivirus live 2009




My computer was hit with this fake Antivirus Live pop-up two days ago. I have always been careful, with a firewall running and behind a router. How the pop-up ads managed to show up is still a mystery. My suspicion is my unpatched IE 7 and a Firefox hole. I spent three hours that night fixing it.

When you see this screen (see attached image), your computer is already infected. Stop it from running and infecting more files.

You can try

I) http://www.myantispyware.com/2009/12/07/how-to-remove-antivirus-live-uninstall-instructions/ and http://www.combofix.org/

Or, if you would like to do it yourself, like me,

II) I manually cleaned up the regedit part: I searched for *sysguard.exe in both the registry and the PC, and deleted the matches if allowed, or remembered their location on the PC when it said "locked".

1) How to stop the file being locked, so we can delete the file?
Create a shortcut to the location on the desktop. Restart the computer. Within a minute (before the virus starts processing and locks the sysguard.exe file), delete the file.

2) Run TrendMicro free cleanup tools
http://free.antivirus.com/clean-up-tools/
(four trojan horse viruses were cleaned)

3) Install free Microsoft anti-virus software (for authentic XP or Vista)
http://www.microsoft.com/Security_Essentials/

4) Install free Sygate Personal Firewall (no expiration date)
http://download.cnet.com/Sygate-Personal-Firewall/3000-2092_4-10049526.html

5) Upgrade IE 7 to IE 8, as there seems to be a big hole


6) What remains is an annoying pop-up that says "Error loading: C:\windows\system32\jetebusu.dll".

The good news is that this means the malware file was not found, as it was already removed.

I will fix this pop up later; my computer is running fine now.
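
A read-only way to run the search from step II and to locate the leftover startup entry behind the pop-up in step 6, as an added PowerShell example that is not part of the original post. It assumes the references sit in the standard Run/RunOnce keys; the function name Get-CommandFilePaths is hypothetical, and the two file names are the ones mentioned in the post.

```powershell
# Added example: read-only audit, nothing is deleted or changed.
$patterns = @('sysguard.exe', 'jetebusu.dll')   # names taken from the post
$runKeys = @(                                   # assumption: standard autorun keys
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandFilePaths([string]$Command) {
    # Extract every drive-letter path ending in .exe or .dll from a command line,
    # so "C:\...\rundll32.exe C:\x\y.dll,Entry" yields the DLL as well.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    [regex]::Matches($expanded, '[A-Za-z]:\\[^"*?<>|,]+?\.(exe|dll)\b', 'IgnoreCase') |
        ForEach-Object { $_.Value }
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        # Entry mentions one of the names from the post
        $hit = $patterns | Where-Object { $cmd -like "*$_*" }
        # Entry points at a file that no longer exists (source of "Error loading")
        $missing = Get-CommandFilePaths $cmd |
            Where-Object { -not (Test-Path -LiteralPath $_) }
        if ($hit -or $missing) {
            $reason = 'target file missing'
            if ($hit) { $reason = 'name from post' }
            New-Object PSObject -Property @{
                Key = $key; Value = $name; Command = $cmd; Reason = $reason
            }
        }
    }
}
$findings | Format-List Key, Value, Command, Reason

# Same search on disk as in step II: any file whose name ends in sysguard.exe.
Get-ChildItem -Path "$env:SystemDrive\" -Recurse -Force -Filter '*sysguard.exe' `
    -ErrorAction SilentlyContinue | Select-Object FullName, LastWriteTime
```

Review each listed entry in regedit before removing it; an entry flagged only as "target file missing" can also belong to software that was uninstalled normally.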
