There's been a lot of national news lately regarding the Conficker Worm. I did some research and found a nice Conficker removal tool at BitDefender's site.
Pretty easy to run. Just unzip the download into a folder and run the gui program. At least you get a little peace of mind...
If you ever get the dreaded "Missing or Corrupt Windows System32" error message then this set of instructions from the Microsoft site can be of great help in getting your registry and other system files restored.
The gist of the instructions is to show how to get your XP system to minimally boot so that you can manually get to one of the restore points.
I tried it and the instructions generally work. However, if you run into a lot of access denied problems then you may need to reset the file permissions so that you are the new owner. You can do this by right-clicking on the file or folder and then selecting the security tab to add the new owner name.
Just thought I'd keep a note of this site: http://www.nirsoft.net/
Some very useful system utilities and password recovery programs.
Here's an interesting problem that I just came across. One of my customer's XP computers would boot normally, except the system tray was completely blank. No icons -- just a blank bar where you would normally see the system icons.
I checked to make sure the system tray hadn't been moved to the side or the top of the screen.
I eventually found this note on one of the forums that solved the problem.
Basically you press CTRL-ALT-DELETE to bring up the task manager. From that application you can run REGEDIT from the File > New Task (RUN) option.
Once in REGEDIT you delete the following keys:
Reboot and the system tray should be accessible. In my case the system tray was squished down to just a sliver. However, I was able to move the cursor over the sliver and resize it so it looked normal.
Weird, but it worked.
The symptoms of these two spyware infections are that some Windows functions such as Add/Remove Programs and the Task Manager will automatically close before you have a chance to run them.
Also, doing searches for keyphrases like udchniv.exe will cause the Internet Explorer window to suddenly close.
Removing these two spyware programs is relatively easy using Malwarebytes' Anti-Malware program.
However, there is one gotcha: these spyware programs run in the background and prevent you from running the Malwarebytes installation and application.
So here's the trick to use. What you do is rename the mbab-setup.exe file to something like fred.exe. This will allow you to run the installation program since the spyware program is actually looking for the filename mbab-setup.exe.
Now once the program is installed, you'll also have to change the name of the application as well before running it since the spyware is also monitoring the application filename.
Navigate to C:\Program Files\Malwarebytes' Anti-Malware\ and rename the file mbam.exe to fred.exe or bob.exe or any of your favorite relatives. :) Run the renamed application filename and Mal's program should remove both udchniv.exe and atthdop.exe.
I recently had to clean up a case of MS Antivirus 2009. As usual, I went straight for Malwarebytes' Anti-Malware program.
However, when I clicked on the mbab-setup.exe icon nothing happened.
After a bit of research I found that this is because some variants of the Antivirus 2009 spyware will actually block the installation of certain spyware cleaners.
The easy fix for this is to rename the mbab-setup.exe program to something else -- like joe.exe.
This allowed me to install Mal's program -- with one caveat. I could only install the program from Safe mode and I could only run the application from Normal mode!
Be that as it may, Mal's program was able to clean up the majority of the Antivirus 2009 spyware and I later ran SuperAntispyware to clean up the rest of the spyware bits and pieces.
*Note - Antivirus 2009 infections could also have TDSServ Rootkit infections so keep an eye out for TDSSxxx files in the c:\windows\system32 directory. One of their side effects will be a hijacked browser so if you see any TDSSxxx files in that system32 directory then manually delete them if you have to.
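The check from the note above as an added PowerShell example (not part of the original post): it lists files whose names start with TDSS under System32, with timestamps and SHA-256 hashes, and saves the list so there is a record of what was found before anything is deleted. The function name, the optional -Recurse switch (which goes beyond the note by also covering subfolders) and the CSV location are assumptions.

```powershell
# Added example: inventory TDSS* files under System32 before removing them.
# Get-TdssCandidate and the CSV path are illustrative names, not from the post.
function Get-TdssCandidate {
    param(
        [string]$Root = (Join-Path $env:SystemRoot 'System32'),
        [switch]$Recurse   # also look in subfolders of $Root
    )
    $sha = [System.Security.Cryptography.SHA256]::Create()

    # -Force includes files marked hidden or system.
    Get-ChildItem -Path $Root -Filter 'TDSS*' -Force -Recurse:$Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $file   = $_
            $hash   = 'unreadable'   # kept if the file is locked or access is denied
            $stream = $null
            try {
                $stream = [System.IO.File]::Open(
                    $file.FullName,
                    [System.IO.FileMode]::Open,
                    [System.IO.FileAccess]::Read,
                    [System.IO.FileShare]::ReadWrite)
                $hash = [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
            } catch {
                # Leave $hash as 'unreadable'; the file is still listed.
            } finally {
                if ($stream) { $stream.Dispose() }
            }
            New-Object PSObject -Property @{
                Path     = $file.FullName
                Length   = $file.Length
                Created  = $file.CreationTime
                Modified = $file.LastWriteTime
                SHA256   = $hash
            }
        }
}

# Save the findings next to the user's temp files, then show them on screen.
$report = Join-Path $env:TEMP 'tdss-files.csv'
$found  = @(Get-TdssCandidate -Recurse)
if ($found.Count -gt 0) {
    $found | Select-Object Path, Length, Created, Modified, SHA256 |
        Export-Csv -Path $report -NoTypeInformation
    $found | Format-Table Path, Modified, SHA256 -AutoSize
} else {
    Write-Output "No TDSS* files found under System32."
}
```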
Recently a customer got fooled into thinking that AntiVirus 2009 was a legitimate antivirus program and somehow downloaded the program.
Suffice it to say that Anti Virus 2009 is really another sad bit of spyware disguised as a legitimate program.
Luckily it seems easy to remove. Just download Malwarebytes' Anti-Malware program and run a quick scan to remove the Antivirus 2009 spyware.
I recently cleaned a computer that had scores of spyware infections. I noticed after the cleaning there were still two problems:
1) I was unable to press CTRL-ALT-DELETE to bring up the manager
2) The desktop properties were missing tabs
To restore these features, go into regedit and navigate to this key:
Set the data for any desktop or task manager keys to 0 and that will restore their functionality.
Yet another strain of spyware going around the net. This one pops up windows with a variety of titles and URLs such as:
After running my usual list of cleaners that I use for removing adyieldmanager, I found that I also needed to run Malwarebytes' Anti-Malware program which you can find here:
The system I was cleaning showed a lot of trojan.vundo infections. I ran Mal's program twice and that seemed to clean it all up.
Recently came across this error: Windows File Protection: Files that are required for windows to run properly have been replaced by unknown versions; Windows needs to restore these files to function properly.
There seem to be lots of fixes for this related to re-registering DLLs.
The first DLL I tried seemed to work:
Click Start, click Run, type regsvr32 initpki.dll, and then click OK.
What luck! :)