1. Disconnect the computer from the network / internet.
2. Clean the trojan in "Safe Mode".
Perform the following steps:
- Restart the computer (if it is off, just press the power button).
- While it boots, press the F8 key on the keyboard repeatedly until the screen with the "Safe Mode" option appears.
- Select "Safe Mode" and press [Enter].
- Let it run until the Windows login menu appears.
* Turn off and remove the trojan BitCoinMiner / BtcMine.
Perform the following steps:
- On a clean computer that has not been infected, download a removal tool for the trojan BitCoinMiner / BtcMine from one of the following links:
Dr.Web CureIt
http://www.freedrweb.com/download+cureit/?nc=t&lng=en
Norman Malware Cleaner
http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe
- When finished, compress the file to a zip file.
- Copy the zip file and place it anywhere on the infected computer.
- Right-click the zip file, then click Explore.
- Double-click the file shown in the explored zip to run it, and then click Run.
- If the Dr.Web CureIt window appears, click OK to run in EPM (Enhanced Protection Mode).
- Click Start to begin the scan, and click Yes to start.
- Allow the scan to complete.
* Repair the registry that has been modified.
Perform the following steps:
- Copy the script below into Notepad:
[Version]
Signature="$Chicago$"
Provider=VaksincomOyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,ShowSuperHidden,0x00010001,1
HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,SuperHidden,0x00010001,1
HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,HideFileExt,0x00010001,0
; Restore the default open command ("%1" %*) for executable file types
HKLM,SOFTWARE\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM,SOFTWARE\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM,SOFTWARE\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM,SOFTWARE\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM,SOFTWARE\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
; Restore the Winlogon shell and userinit (path assumes Windows is installed in C:\WINDOWS)
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,Shell,0,"Explorer.exe"
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,Userinit,0,C:\WINDOWS\System32\userinit.exe
[Del]
HKCU,Software\Microsoft\Windows\CurrentVersion\Run,MSConfig
HKCU,Software\WinRARSFX
- Save the file with the name "repair.inf". Set the Save As Type option to All Files so that Notepad does not save it with a different extension.
- Right-click the file "repair.inf", then select "Install".
- Restart the computer.
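After the restart, the values written by repair.inf can be read back to confirm that the repair took effect. The PowerShell below is an added example, not part of the original script; it only reads the registry, and the expected data is taken from the script above (including its assumption that Windows is installed in C:\WINDOWS).

```powershell
# Read-only verification of the values repair.inf is meant to restore.
$classes  = 'HKLM:\SOFTWARE\Classes'
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Name = '' means the key's default value.
$expected = @(
    @{ Key = "$classes\batfile\shell\open\command"; Name = ''; Data = '"%1" %*' },
    @{ Key = "$classes\comfile\shell\open\command"; Name = ''; Data = '"%1" %*' },
    @{ Key = "$classes\exefile\shell\open\command"; Name = ''; Data = '"%1" %*' },
    @{ Key = "$classes\piffile\shell\open\command"; Name = ''; Data = '"%1" %*' },
    @{ Key = "$classes\regfile\shell\open\command"; Name = ''; Data = 'regedit.exe "%1"' },
    @{ Key = $winlogon; Name = 'Shell';    Data = 'Explorer.exe' },
    @{ Key = $winlogon; Name = 'Userinit'; Data = 'C:\WINDOWS\System32\userinit.exe' }
)

function Get-RegData($key, $name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if ($item) { $item.GetValue($name) }
}

foreach ($e in $expected) {
    $actual = Get-RegData $e.Key $e.Name
    # Windows normally stores Userinit with a trailing comma; ignore it.
    $norm = if ($actual -ne $null) { ([string]$actual).Trim().TrimEnd(',') } else { $null }
    # -eq compares strings case-insensitively, as the registry data requires.
    $status = if ($norm -eq $e.Data) { 'OK' } else { 'MISMATCH' }
    '{0,-9} {1} [{2}] = {3}' -f $status, $e.Key, $e.Name, $actual
}

# Entries listed in the [Del] section should no longer exist.
$run = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
if ((Get-RegData $run 'MSConfig') -ne $null) {
    "PRESENT   $run [MSConfig]"
} else {
    "OK        $run [MSConfig] is absent"
}
if (Test-Path -LiteralPath 'HKCU:\Software\WinRARSFX') {
    'PRESENT   HKCU:\Software\WinRARSFX'
} else {
    'OK        HKCU:\Software\WinRARSFX is absent'
}
```

Any line reported as MISMATCH or PRESENT means the corresponding entry was not repaired or has been modified again, so the scan and the repair.inf step should be repeated before reconnecting the network.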
- Clean up the temporary files left behind by the trojan BitCoinMiner / BtcMine.
Perform the following steps:
- Click the Start Menu -> Run.
- Type the command cleanmgr in the Open box, and then click OK.
- Select the system drive (C:), click OK, and let it scan the drive.
- Once the Disk Cleanup window appears, mark the files to be deleted (especially the Temporary Files), then click OK.
- Wait until it finishes.
- Install the security patch MS10-046 for the version of Windows you have. Download it from the following link:
http://www.microsoft.com/technet/security/Bulletin/MS10-046.mspx
- For optimal cleaning and to prevent re-infection, use an up-to-date antivirus that recognizes the trojan BitCoinMiner / BtcMine well.