Removal
I have this routine down to a science on more than 1000 business PCs.
Grab these programs on a clean PC and place them on a blank thumb drive that might get infected.
Step 1
Cleanup! 4.52 (deletes all the temp files on the PC where the malware/virus hide themselves to reinfect)
Install and run this first. This also clears the massive temp areas accumulated that every virus/malware scanner will inspect; this will cut your scan by 95%.
Aka: "taking out the trash"
Step 2: the following 2 programs must be renamed to something other than their default name. Most virus/malware memory-resident programs have a blacklist to delete these programs on sight!
Step 2a
Combofix.exe (bleepingcomputer.com)
Rename to cf.exe (or cf112711, the date downloaded)
Best to reboot and run this in safe mode. May ask to reboot if rootkits are installed. Leave the PC alone while this runs, once it exports its text file to your screen after its normal run and reboot (2nd if rootkits were removed)
Aka: kill the rats/pests
Step 3
Mbam_xxxx.exe (malwarebytes.org)
Rename to mb.exe (or date mb112711.exe)
Since prior you ran combofix, any proxy-altering nasties will not redirect malwarebytes to an alternate site with a bogus program update.
Install and run, update... Use only the quick scan; within 10 minutes of running you should be done and clean. If you feel the need, you can run a full scan afterwards with mbam if there were more than 10 positives.
Aka: cleaning up the rat turds
Skip any step and something as simple as the screen saver kicking in can re-infect your PC... (part of the turd group of trickery)
ENJOY
Note: if the user has mortgage/financial software installed, check the date/time format in the system settings and write it down. Combofix will return it to the default and you will need to restore it for those programs.
[ Post made via iPhone ]
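Added example, not part of the original post: the note about writing down the date/time format can be scripted, so the settings are saved before the cleanup and put back afterwards. It assumes the formats in question are the standard per-user values under HKCU:\Control Panel\International; the script's parameters and the backup file location are hypothetical.

```powershell
# Added example: save / restore the per-user regional date and time formats.
# Run with -Mode Save before the cleanup tools, and -Mode Restore afterwards.
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Save', 'Restore')]
    [string]$Mode,
    # Hypothetical default location for the backup file.
    [string]$BackupFile = "$env:USERPROFILE\intl-format-backup.xml"
)

# Assumption: these standard values hold the formats the financial software reads.
$Key   = 'HKCU:\Control Panel\International'
$Names = 'sShortDate', 'sLongDate', 'sTimeFormat', 'sShortTime',
         'sDate', 'sTime', 'iDate', 'iTime'

function Get-IntlFormats {
    # Return a hashtable of the values that exist on this Windows version.
    $props = Get-ItemProperty -Path $Key
    $out = @{}
    foreach ($n in $Names) {
        if ($null -ne $props.$n) { $out[$n] = [string]$props.$n }
    }
    return $out
}

if ($Mode -eq 'Save') {
    Get-IntlFormats | Export-Clixml -Path $BackupFile
    "Saved current formats to $BackupFile"
}
else {
    if (-not (Test-Path $BackupFile)) { throw "No backup found at $BackupFile" }
    $saved   = Import-Clixml -Path $BackupFile
    $current = Get-IntlFormats
    $changed = 0
    foreach ($n in $saved.Keys) {
        # Only touch values that differ from what was saved, and report each one.
        if ($current[$n] -ne $saved[$n]) {
            "{0}: '{1}' -> '{2}'" -f $n, $current[$n], $saved[$n]
            Set-ItemProperty -Path $Key -Name $n -Value $saved[$n]
            $changed++
        }
    }
    "Restored $changed value(s)."
}
```

Run it as the user who owns the financial software, since the values are per-user, and restart that software after a restore so it re-reads them.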