I'm sure some of you may have seen it already, but take a look at the screenshots below...
The only way we've been able to remove the virus is using the Malwarebytes tool. The instructions in the forum post below work 100%. The tool needs to be run in the user account it's hijacked. However, we've seen one computer corrupt itself as the virus had time to completely ruin the boot-up and then we had to rebuild it from scratch.
Removal instructions for System Tool - Malwarebytes Forum
We've blocked the Hotmail website as a precaution so far to stop any further infections. It might be worth warning staff who have home computers that could be at risk. Unfortunately, it's bypassed Sophos Anti-Virus (due to the nature of how the virus renames itself every time it executes after a reboot) and it cannot be detected outside of the user account it's hijacked.
It's adverts in general - even the London Stock Exchange was spreading it apparently.
We unfortunately had a member of staff recently infected with this. I spent 2 days scanning for this rogue and nothing was found. I even tried Malwarebytes and it did not work, but I didn't try it this way. I'll try it this way next time, thanks.
I've had this on many private jobs - best solution I found was
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
Make sure you boot into safe mode - as usual!
Make sure SAS has the latest version - has not failed me yet
I've said it once and will continue to say it many times: SAS bulks out results with legitimate files, if you want to trust your network/systems to that level of deceit then you might as well open it up to proper infections.
I've had it loads on private jobs too.
Boot into safe mode
The file is in Documents and Settings / user / app data
There is a folder with random letters and numbers
Delete that and run Malwarebytes / alternative
Found it using the old rename OLD.xxx letters and numbers; the normal stuff would not remove this one.
One happy head teacher :-) Cheers.
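The manual check described in the thread (a folder with random letters and numbers under the user's app data), as an added read-only triage example that is not part of any post. The name pattern, the extension list and the sample folder names are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumption: "random letters and numbers" is approximated as a folder name of
# 6+ alphanumeric characters that mixes at least one letter and one digit.
RANDOM_NAME = re.compile(r"^(?=.*[A-Za-z])(?=.*[0-9])[A-Za-z0-9]{6,}$")
# Assumption: file types worth flagging inside such a folder.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".bat", ".cmd"}


def looks_random(name):
    """True if a folder name matches the random-looking heuristic."""
    return RANDOM_NAME.match(name) is not None


def find_suspect_folders(appdata_root):
    """Return [(folder, [executables])] for top-level folders under
    appdata_root that have a random-looking name and hold executables.
    Read-only: nothing is deleted or renamed."""
    suspects = []
    for entry in sorted(os.listdir(appdata_root)):
        path = os.path.join(appdata_root, entry)
        if not os.path.isdir(path) or not looks_random(entry):
            continue
        exes = sorted(
            f for f in os.listdir(path)
            if os.path.splitext(f)[1].lower() in EXECUTABLE_EXTS
        )
        if exes:
            suspects.append((entry, exes))
    return suspects


def build_sample_profile(root):
    """Constructed sample layout standing in for a user's app data folder."""
    layout = {
        "kP28301hNcLm": ["kP28301hNcLm.exe"],   # constructed suspect
        "Microsoft": ["helper.exe"],             # ordinary vendor folder
        "a1b2c3d4": ["notes.txt"],               # random-looking, no executable
    }
    for folder, files in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in files:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_profile(tmp)
        for folder, exes in find_suspect_folders(tmp):
            print(folder, exes)
```

Point `find_suspect_folders` at each affected profile's app data folder and review the hits by hand before removing anything, since legitimate software can also use alphanumeric folder names.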