I've had this bar steward in two machines this week, and it's been a b1tch to get rid of! At one point, I thought the easiest way of sorting these would be a N&P!
Now I'm pretty sure the machines were infected with far more than the simple rogue a/v, but this is the track I took to remove the virus and clean the machines.
Malwarebytes, updated quick scan - did not remove it completely. Done in normal mode.
SmitFraudFix - found issues, and fixed them. Safe mode.
Hitman Pro - found issues and fixed them all.
TDSS rootkit - found 1 issue, fixed.
Thought great, PC working. Go online, and browser hijacked each time.
HijackThis, manual removal, removed quite a few issues - browser hijack fixed.
Still WinHDD was there!
Autoruns, cleared.
Process Explorer, cleared.
ComboFix. Cleared everything. Safe mode.
MBAM - updated again, run in normal mode, full scan. Removed WinHDD!
All in all, it took approx 4 - 6 hours to remove this, and everything else on the PC.
There were trojans, a couple of rootkits, the usual MyWebSearch, false Windows security alerts, browser hijacks, you name it, it was there.
All this for my flat rate of £35 for virus / malware removal. At times, I wish I charged per hour lol.
One of the machines was a build from me a couple of years ago, for a good friend.
The other was a netbook, less than a month old, that I sold to another good friend. The netbook's owner is 18 and was given this as her birthday present in Nov. She lent it to a 'friend', who has since admitted he had a look at a porn site, and was infected.
Kudos to him for letting me know. I tried to find out exactly which site infected them, with ieview, but my client thought they would roll back the machine, and in so doing, all the sites visited were lost etc.
Just a heads up, if anyone has a similar issue with this virus: you could be in for the long haul.