Try these on an infected computer when you have no safe mode, no boot CD and no working antivirus. Only a command prompt is required.
These are random tips, not ordered steps.
Run cmd.exe (Start > Run > cmd). The old 16-bit command.com is not preferred.
dir /a in C:\ - look for autorun.inf, *.bat, *.cmd, *.exe and other suspected files (/a also lists hidden and system files, which a plain dir skips).
attrib -h -s -r [filename] - strip the hidden, system and read-only attributes from the infected file before deleting it.
del [filename] - works once the attributes have been cleared.
tasklist - list the active processes.
taskkill /pid # /F - kill the process with PID #; /F forces termination.
HijackThis - fix access to the registry.
Unlocker - Unlocker and HijackThis work in most cases even though the computer is infected.
regedit - go to the relevant key and re-enable Folder Options and Task Manager.
dir /aD - look for virus directories in \Windows and \Windows\System32. The most common cases are alphanumeric names, and system_3 is common these days. Take the hint from the process list (tasklist), or to make life easier use Autoruns for Windows (search for Sysinternals) to find the worm's name and location.
Enable viewing of hidden and system files so you can delete it, or use dir [filename] /s /a from C:\ to find the worm or the file name you saw running as a process (e.g. system_3), then change its attributes and delete it from the command prompt.
The important thing in this exercise is to eliminate the running process first: del fails with "Access denied" while the file is still executing.
After these, try reinstalling your AV and run a complete scan.
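The steps above put together as one batch file. This is an added example, not from the original post; it assumes you already know the suspect image name (from tasklist or Autoruns) and run it from an elevated cmd.exe. The name cleanup.cmd and the example argument system_3.exe are hypothetical; the registry values it resets (DisableTaskMgr, NoFolderOptions, Hidden, ShowSuperHidden, SHOWALL\CheckedValue) are the standard ones worms flip to hide themselves.

```batch
@echo off
rem cleanup.cmd - added example, not from the original post.
rem Usage: cleanup.cmd <image name>    e.g. cleanup.cmd system_3.exe
rem Assumes: suspect name already identified, cmd.exe running as Administrator.
setlocal enabledelayedexpansion

if "%~1"=="" (
    echo usage: %~nx0 ^<image name^>
    exit /b 1
)
set "IMG=%~1"

rem 1. Kill every running instance first. Same as "taskkill /pid # /F", but
rem    matched on image name so you do not have to read PIDs off tasklist.
rem    CSV output: "name","PID","session","#","mem" - token 2 is the PID.
for /f "tokens=2 delims=," %%p in ('tasklist /fi "imagename eq %IMG%" /fo csv /nh') do (
    echo killing PID %%~p
    taskkill /pid %%~p /F
)

rem 2. Find every copy on C: (dir /s /a also lists hidden and system files),
rem    clear the attributes that block del, then delete.
for /f "delims=" %%f in ('dir /s /a /b "C:\%IMG%" 2^>nul') do (
    echo removing "%%f"
    attrib -h -s -r "%%f"
    del /f /q "%%f"
)

rem 3. Re-enable Task Manager and Folder Options, and show hidden/system files
rem    again, so the rest of the cleanup can be done from Explorer too.
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /f >nul 2>&1
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFolderOptions /f >nul 2>&1
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Hidden /t REG_DWORD /d 1 /f >nul
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 1 /f >nul
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /t REG_DWORD /d 1 /f >nul

rem 4. Show any autorun.inf in the root of the usual drives; it names the
rem    file the worm restarts from, so read it before deciding what else to remove.
for %%d in (C D E F) do if exist "%%d:\autorun.inf" (
    echo --- %%d:\autorun.inf ---
    attrib -h -s -r "%%d:\autorun.inf"
    type "%%d:\autorun.inf"
)

rem 5. Confirm nothing by that name is still running.
tasklist /fi "imagename eq %IMG%"
endlocal
```

Two caveats before running it. Check the full path from dir /s before deleting: a worm often picks a name that looks like a Windows file, and matching on name alone will also hit a legitimate binary of the same name. And if the process reappears immediately after taskkill, a second process is watching it; find that one with tasklist or Autoruns and kill both in the same pass.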