Sites that helped me
Sunday, January 18, 2015
At my day job, a customer brought in a laptop and requested a diagnostic as it had recently slowed down and there were unwanted URL requests when opening a browser. I found this error when attempting to download external tools: "This file contained a virus and was deleted." I immediately suspected that the virus was blocking removal attempts. Luckily, I had these tools already on a USB flash drive. Here is what I did to start fixing the problem.
Confirmed that safe mode also infected
Confirmed that customer had data backed up
Advised that the best approach would be to reinstall Windows
Confirmed that customer had no installation disks
Warned the customer that a surgical approach has risks.
Risks accepted in writing
Ran msconfig to limit start up programs and services
Reset browsers to default
Ran regedit to adjust values
Adjusted internet options to allow certain websites
Copied Malwarebytes, ADWcleaner and HitmanPro from my USB flash drive
Ran all these tools.
Opted to not try combo-fix on my own
Downloaded Nexus client.
Connected to remote engineers who finished the cleaning with licensed and proprietary software.
Posted by s33me at 12:59 AM