We ran into a nice little worm today on a PC we manage. The anti-virus was alerting of a downloader trojan and Microsoft Defender was constantly popping up a message about needing to block different programs, all of programs were exe files that began with random 3 digits in the format ###.exe. (i.e. 353.exe, 563.exe, 983.exe, 768.exe, 442.exe).This is where the fun began.

SYMPTOMS

• Anti-virus and Windows Defender pop-ups indicating a virus was found.
• c:\documents and settings\{profile name}\local settings\temp contains many files in for format ###.exe (### is three random numbers)

REMOVAL

Anti virus and spyware cleaners are able to remove the ###.exe files, but the program that is creating these files are hidden.

1. First you must unhide system files. Open Windows Explorer and go to Tool >> Folder Options >> View. Make sure "Hide protected operating system files (Recommended)" is UNCHECKED.
2. Download and install Unlocker here.
3. Go to c:\recycler and right click the first recycle bin you see there. Choose "Unlocker".
4. In the Unlocker window, change the drop down menu to the option 'delete' and click OK.
5. Do the same with each recycle bin folder you see there.
6. Run a full virus scan to clean up any remains and then reboot your computer. We found the best anti-virus package available is Norton. Not only does it do the best job in cleaning the virus, it does the best job of preventing them as well. For around $70, you can protect up to 3 computers.

Comments (0)