I am going to give you manual removal instructions for this type of trojan. Just follow them step by step. I take no responsibility if you harm your computer, so please make a backup first. I have provided instructions for making a backup as well.
Manual removal instructions:
You will be deleting all registry keys and files connected with this software, removing it from the startup list, and unregistering all corresponding DLLs. (Only do the following if you know what you are doing.)
However, you can do the steps that you know how to do and skip the rest. I tried to make it easy by explaining each step carefully.
Deleting Files:
1. Search on your computer and delete these files:
To search, Click Start, then Click Search, then Click Search for files and folders.
notepad.dll
sb_bar.css
sb_bar.htm
sb_config.ini
sb_ep.htm
sclick.exe
sysmonms.exe
uinst.exe
Warning: you should delete only those files whose checksums are listed as malicious.
2. Delete the folder named Winmsg:
Click Start, then Click Run, type in
C:/program files
The Program Files folder will open. Find the folder named Winmsg and delete it.
3. Delete these malicious registry entries and/or values:
Easy instructions on how to delete an entry are in my other blog post.
If you cannot find an entry skip it.
Key: Sb6.StrangeBho.1
HKEY_CURRENT_USER\SOFTWARE\Classes\Sb6.StrangeBho.1
HKEY_CURRENT_USER\SOFTWARE\Classes\Sb6.StrangeBho.1\CLSID
Key: Sb6.StrangeBho
HKEY_CURRENT_USER\SOFTWARE\Classes\Sb6.StrangeBho
HKEY_CURRENT_USER\SOFTWARE\Classes\Sb6.StrangeBho\CLSID
HKEY_CURRENT_USER\SOFTWARE\Classes\Sb6.StrangeBho\CurVer
HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B}
HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B}
HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B}\ProgID
HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B}\VersionIndependentProgID
HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B}\InprocServer32 Value: ThreadingModel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B}
Warning: Delete ONLY the keys listed above. Make a backup before deleting anything from the registry. We have no responsibility if anything you do goes wrong.
Manual instructions for a registry backup:
1. Click Start, and then click Run.
2. Type regedit, and then click OK.
3. Right click on My Computer and Select Export.
4. In the Save in box, select a location where you want to save the backup file (could be My Documents Folder), type a file name in the File name box, and then click Save.
Then move the file to a floppy disk or a CD if you can - that is extra protection.
1) Insert a floppy disk in the computer.
2) Click Start, then Run. Type in A:/ and hit OK. A floppy disk window will open (blank if the floppy disk has no files).
Go to the folder where you saved the backup. Click once on the backup file - drag it to the floppy disk window.
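Before deleting anything, the checks above can be scripted. The following PowerShell sketch is an added example, not part of the original instructions: it reports which of the listed registry keys exist, exports each one found to its own .reg backup, and prints SHA-256 hashes of any listed file names found in the Winmsg folder so they can be compared against a checksum listing. The backup folder and search folder are assumptions, and it needs PowerShell 4 or later for Get-FileHash.

```powershell
# Added example (not from the original post). Read-only: it deletes nothing.
# $BackupDir and $SearchRoot are assumed locations; adjust them for your system.
$BackupDir  = Join-Path $env:USERPROFILE 'Documents\FakeAlertBackup'
$SearchRoot = Join-Path $env:ProgramFiles 'Winmsg'
$Clsid      = '{0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B}'

# Top-level keys from step 3; exporting a key also captures its subkeys and values.
$Keys = @(
    'HKCU\SOFTWARE\Classes\Sb6.StrangeBho.1',
    'HKCU\SOFTWARE\Classes\Sb6.StrangeBho',
    "HKCU\SOFTWARE\Classes\CLSID\$Clsid",
    "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$Clsid"
)
# File names from step 1.
$Names = 'notepad.dll', 'sb_bar.css', 'sb_bar.htm', 'sb_config.ini',
         'sb_ep.htm', 'sclick.exe', 'sysmonms.exe', 'uinst.exe'

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

$keyReport = foreach ($key in $Keys) {
    # The registry provider expects HKCU:\ rather than the HKCU\ form reg.exe uses.
    $psPath = $key -replace '^HKCU\\', 'HKCU:\'
    $found  = Test-Path -LiteralPath $psPath
    $backup = $null
    if ($found) {
        $name   = ($key -replace '[\\{}: ]', '_') + '.reg'
        $backup = Join-Path $BackupDir $name
        & reg.exe export $key $backup /y | Out-Null
        if ($LASTEXITCODE -ne 0) { $backup = "EXPORT FAILED ($LASTEXITCODE)" }
    }
    [pscustomobject]@{ Key = $key; Present = $found; Backup = $backup }
}
$keyReport | Format-List

# Hash any listed file names found, for comparison against a checksum listing.
if (Test-Path -LiteralPath $SearchRoot) {
    Get-ChildItem -LiteralPath $SearchRoot -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $Names -contains $_.Name } |
        Get-FileHash -Algorithm SHA256 |
        Format-List Path, Hash
} else { "Folder not found: $SearchRoot" }
```

A key reported as not present can simply be skipped, as the instructions say. Double-clicking an exported .reg file restores that key if a deletion turns out to be a mistake.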
Those were the manual instructions for removal of the FakeAlert Trojan. As always, you can scan with both your antivirus and anti-adware/spyware software as well, for automatic removal (if the software finds anything at all). Not all trojans can be automatically removed!