Friday, April 07, 2006

Adware infection

My computer somehow got infected with adware that prompts that I am under a security risk:

It also changes IE home page as follows:

I checked the registry's Run and RunOnce keys to no avail. My Symantec antivirus didn't find anything either. On the internet, all the advice includes downloading some software, which I didn't like. I wanted to manually eliminate that beast.

So I looked at c:\windows\system32 to see if I could get a clue. One of the webpages mentioned mssearchnet.exe. When I saw it in system32, I got suspicious. I also noticed that nvctrl.exe, stickrep.dll and dfrgsrv.exe appeared there on the same day (04/05/2006):

I tried to delete them right there but couldn't since they were already running:

I started regedit to see where they were hiding:

I deleted them from the registry, but it was of no use since they somehow added themselves back.

So, I restarted my PC in command prompt mode. There I deleted all those bastards with our good old del command. Now peace reigns again :)
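
The same-day check described in the post, as an added example that is not part of the original post: given one file already known to be bad, it lists the other executables in the same directory that were last written on the same calendar day. The function names and the sample directory are assumptions made for illustration; the file names and the date come from the post, read here as April 5, 2006.

```python
import os
import tempfile
from datetime import datetime

EXECUTABLE_EXTS = (".exe", ".dll")

def same_day_siblings(directory, known_bad, exts=EXECUTABLE_EXTS):
    """Names of executables in `directory` last written on the same local
    calendar day as `known_bad` (hypothetical helper, not from the post)."""
    pivot = os.stat(os.path.join(directory, known_bad)).st_mtime
    pivot_day = datetime.fromtimestamp(pivot).date()
    hits = []
    with os.scandir(directory) as entries:
        for entry in entries:
            name = entry.name.lower()
            if not entry.is_file(follow_symlinks=False):
                continue
            if name == known_bad.lower() or not name.endswith(exts):
                continue
            mtime = entry.stat(follow_symlinks=False).st_mtime
            if datetime.fromtimestamp(mtime).date() == pivot_day:
                hits.append(entry.name)
    return sorted(hits, key=str.lower)

def build_sample_dir():
    """Constructed stand-in for system32: empty files, timestamps set by hand."""
    root = tempfile.mkdtemp(prefix="sys32_sample_")
    infected = datetime(2006, 4, 5, 14, 30).timestamp()  # assumed time of day
    old = datetime(2004, 8, 4, 12, 0).timestamp()        # constructed older date
    sample = {
        "mssearchnet.exe": infected, "nvctrl.exe": infected,
        "stickrep.dll": infected, "dfrgsrv.exe": infected + 90,
        "notepad.exe": old, "kernel32.dll": old,
        "setup.log": infected,  # same day, but not an executable
    }
    for name, ts in sample.items():
        path = os.path.join(root, name)
        open(path, "wb").close()
        os.utime(path, (ts, ts))
    return root

if __name__ == "__main__":
    for name in same_day_siblings(build_sample_dir(), "mssearchnet.exe"):
        print(name)
```

File timestamps can be rewritten by the software that dropped the files, so a match is a lead to investigate rather than proof, and an empty result does not clear the directory.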

1 comment:

Rahmi Lale said...

Bro, why/how is it that you keep getting exposed to so many viroidal infections? Not that I know much about it, but don't you have a firewall, or some system that would act as a server-level safeguard against this?
The situation of my Şamilzi, who blocks his sibling's access because the sibling keeps infecting the computer with viruses, is truly heartbreaking ;)