-
June 14th, 2012, 09:33 PM
#1
I've got a virus that's hard to eradicate
I've never installed Adobe Acrobat Reader on this computer, I'm saying this just to be clear!
In the configuration startup there are two ticks for acrobatupdate.exe,
and in the Windows Firewall "windows messenger" is allowed.
There is an adobeupdate.exe startup in Task Manager,
all of which can't be removed.
This is definitely a virus.
I googled for it and didn't find much to help me so far.
Some guy seems to be able to get rid of it with this set of instructions:
Virus creates files in your user's AppData folder, hidden by default.
C:\Users\(Insert Username)\AppData\Local\Temp\Team.exe
C:\Users\(Insert Username)\Appdata\Roaming\Acrobatupdate.exe
C:\Users\(Insert Username)\Appdata\Roaming\TEAM (No file name extension)
-Virus adds keys to the registry called "scvhost" to make Windows automatically run the code each time you start your computer.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ "scvhost" REG_SZ C:\Users\master\AppData\Roaming\Acrobatupdate.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run "scvhost" REG_SZ C:\Users\master\AppData\Roaming\Acrobatupdate.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ "scvhost" REG_SZ C:\Users\master\AppData\Roaming\Acrobatupdate.exe
-Virus creates a firewall opening under the name "Windows Messanger".
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ "C:\Users\master\AppData\Roaming\Acrobatupdate.exe" REG_SZ
C:\Users\master\AppData\Roaming\Acrobatupdate.exe:*:Enabled:Windows Messanger
I did the registry thing in safe mode but it didn't do the job.
The beast is still there.
I don't know how to use this instruction and where do I use it.
Virus creates files in your user's AppData folder, hidden by default.
C:\Users\(Insert Username)\AppData\Local\Temp\Team.exe
C:\Users\(Insert Username)\Appdata\Roaming\Acrobatupdate.exe
C:\Users\(Insert Username)\Appdata\Roaming\TEAM (No file name extension)
Your help with this code or some other suggestion will reward you with a billion Thx.
life is real only then, when "I am "
-
June 14th, 2012, 09:49 PM
#2
Acrobat reader is used to read pdf files by most folks. But just in case. . .
Follow the instructions at
http://discussions.virtualdr.com/sho...d.php?t=167915
-
June 14th, 2012, 10:30 PM
#3
Train
I've done that before posting,
nothing was found.
life is real only then, when "I am "
-
June 14th, 2012, 10:33 PM
#4
Train please read my post more carefully.
I need help with this part of my post:
I don't know how to use this instruction and where do I use it.
Virus creates files in your user's AppData folder, hidden by default.
C:\Users\(Insert Username)\AppData\Local\Temp\Team.exe
C:\Users\(Insert Username)\Appdata\Roaming\Acrobatupdate.exe
C:\Users\(Insert Username)\Appdata\Roaming\TEAM (No file name extension)
life is real only then, when "I am "
-
June 15th, 2012, 01:40 AM
#5
C:\Users\(Insert Username)\AppData\Local\Temp\Team.exe
Means;
Open C:\
Open users
open your name
open AppData
open local
open Temp
Find Team.exe and delete it
Now you will need to show hidden files and folders to find this most likely.
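The locations quoted in post #1 can also be checked in one pass instead of browsing to each folder. This PowerShell sketch is an added example, not something posted by anyone in the thread; it only reports what it finds and deletes nothing. The function name is made up for illustration, and the file names, the "scvhost" value name and the registry paths are copied from post #1 and assumed to apply to the account running the script.

```powershell
# Added example: report-only audit of the locations quoted in post #1.
# Get-AcrobatupdateTraces is a hypothetical name; nothing is removed.
function Get-AcrobatupdateTraces {
    $found = @()

    # Files from post #1 (TEAM has no extension). -Force makes hidden items visible.
    $files = @(
        (Join-Path $env:LOCALAPPDATA 'Temp\Team.exe'),
        (Join-Path $env:APPDATA 'Acrobatupdate.exe'),
        (Join-Path $env:APPDATA 'TEAM')
    )
    foreach ($f in $files) {
        $item = Get-Item -LiteralPath $f -Force -ErrorAction SilentlyContinue
        if ($item) {
            $found += New-Object PSObject -Property @{
                Kind = 'File'; Where = $f; Detail = $item.LastWriteTime }
        }
    }

    # Autorun keys from post #1; the value name to look for is "scvhost".
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($props -and $props.PSObject.Properties['scvhost']) {
            $found += New-Object PSObject -Property @{
                Kind = 'RunValue'; Where = $key; Detail = $props.scvhost }
        }
    }

    # Firewall exception key as written in post #1 (ControlSet001 path kept as posted).
    $fw = 'HKLM:\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications'
    $fwProps = Get-ItemProperty -Path $fw -ErrorAction SilentlyContinue
    if ($fwProps) {
        foreach ($p in $fwProps.PSObject.Properties) {
            # Skip the PS* bookkeeping properties PowerShell adds to registry items.
            if ($p.Name -notlike 'PS*' -and
                "$($p.Name) $($p.Value)" -match 'Acrobatupdate\.exe|Windows Messanger') {
                $found += New-Object PSObject -Property @{
                    Kind = 'FirewallRule'; Where = $fw; Detail = $p.Value }
            }
        }
    }
    return $found
}

Get-AcrobatupdateTraces | Format-Table Kind, Where, Detail -AutoSize
```

An empty result means none of the quoted files or registry values exist for the current user. Entries that reappear after being deleted point to a process that is still running and rewriting them.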