I didn't even know that my Windows was infected until I managed to update the anti-virus software (I think it was due to that malware that the anti-virus was unable to update properly). What I did was reinstall the anti-virus (Avira AntiVir Personal) and update its database. After a few minutes, it detected that explorer.exe and winlogon.exe contained TR/Patched.Gen and that I needed to restart the PC to finish the process.
But it didn't stop there. At this point, explorer.exe was unable to load due to restrictions by the anti-virus. But somehow winlogon.exe got through. Since explorer was inactive, I had to look for an alternative to get Windows working again. Using the command prompt, I searched for explorer.exe and winlogon.exe and found backups of both in C:\WINDOWS\ServicePackFiles\i386\. I copied both files to C:\WINDOWS\. At first, explorer.exe was a success, but winlogon.exe was not. In short, this was useless.
So, I googled and found a solution: ComboFix.
- To fix this problem, first download ComboFix here.
- Disable any anti-virus, script blocking, firewall or any security software.
- Run ComboFix. It's better to leave explorer.exe unloaded (open Task Manager by pressing Ctrl+Alt+Delete, look for explorer.exe on the Processes tab, click End Process, and click Yes to confirm).
- Follow the on-screen instructions exactly. Do NOT multi-task, i.e. do not open other programs.
- Let the utility run until it finishes and generates the report log file.
EUL Level : LEVEL 5