Five steps to manually remove hidden virus

Posted by elise in Blog Knowledge Base, Recent Articles, Tutorials on April 2nd, 2009

After you select the option “Show hidden files and folders”, a file on the removable disk flashes briefly in the window and then disappears. When you reopen “Folder Options”, the setting has reverted to “Do not show hidden files and folders”. Moreover, when you click the disk icon of C or D, another unknown window pops up.

Symptom description:
1. Hidden files cannot be shown

2. Another window pops up when you click the hard disk icon of C or D

3. When you view the C or D disk with WinRAR, the files autorun.inf and tel.xls.exe are found in the root directories

4. There is a strange “kill” entry among the applications in the Windows Task Manager

5. There is an odd SocksA.exe among the startup programs

Solution:

Do not double-click the hard disks during the following process, because double-clicking can trigger the autorun.inf on that disk. To open a hard disk, right-click its icon and click Open.

Step one: end the virus process

In Task Manager, look for any unknown application similar to “Kill”. Right-click the application -> Go To Process -> look for a process similar to SVOHOST.exe -> right-click it -> select End Process Tree.

Step two: show the hidden system files

Start -> enter “regedit” and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL. Delete the existing CheckedValue value; then right-click on the blank area -> select New -> select DWORD value -> name the new value “CheckedValue” and double-click it to set its data to “1”. After that you can switch freely between “Do not show hidden files and folders” and “Show hidden files and folders”.

Step three: remove virus

Right-click the hard disk -> Open -> find and delete the two files autorun.inf and tel.xls.exe on every hard disk, including removable disks.

Step four: remove the virus's auto-run entries

Start -> Run -> msconfig -> Startup -> delete items such as sacksa.exe and SocksA.exe; or open the registry by entering “regedit”.

Navigate to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
Under that key, find and delete items similar to C:\WINDOWS\system32\SVOHOST.exe

Step five: delete the leftover files

Delete SVOHOST.exe (please note that Windows itself has a similarly named file, svchost.exe, which must not be deleted), session.exe, sacaka.exe, SocksA.exe and all files whose icons look like Excel documents, under the directories C:\WINDOWS and C:\WINDOWS\system32.

Finally, restart your PC to finish.
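
Before deleting anything, the indicators from steps one to five can be checked read-only. The PowerShell script below is an added example, not part of the original article; it only reports and changes nothing, and the process, file and registry names it looks for are the ones listed above.

```powershell
# Added example: read-only audit of the indicators named in steps one to five.
# Nothing is deleted or modified. Run from an elevated PowerShell prompt.
$names    = 'SVOHOST.exe', 'session.exe', 'sacaka.exe', 'sacksa.exe', 'SocksA.exe'
$pattern  = 'SVOHOST|sacksa|sacaka|SocksA'   # does not match the legitimate svchost.exe
$findings = @()

# Step one: running processes with the names from the article.
foreach ($proc in (Get-Process | Where-Object { $_.ProcessName -match $pattern })) {
    $findings += "Process: $($proc.ProcessName) (PID $($proc.Id))"
}

# Step two: CheckedValue must be a DWORD set to 1, otherwise Explorer cannot
# switch to "Show hidden files and folders".
$showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$key = Get-Item -Path $showAll -ErrorAction SilentlyContinue
if ($key) {
    $kind  = try { $key.GetValueKind('CheckedValue') } catch { $null }
    $value = $key.GetValue('CheckedValue')
    if ($kind -ne 'DWord' -or $value -ne 1) {
        $findings += "Registry: CheckedValue is '$value' (type '$kind'), expected DWORD 1"
    }
}

# Step three: autorun.inf and tel.xls.exe in the root of every drive, hidden or not.
# An autorun.inf on installation media can be legitimate; review before deleting.
$drives = Get-PSDrive -PSProvider FileSystem | Where-Object { $_.Root -match '^[A-Za-z]:\\$' }
foreach ($drive in $drives) {
    foreach ($file in 'autorun.inf', 'tel.xls.exe') {
        $item = Get-Item -LiteralPath (Join-Path $drive.Root $file) -Force -ErrorAction SilentlyContinue
        if ($item) { $findings += "Drive root: $($item.FullName)" }
    }
}

# Step four: Run-key values whose command line references the listed names.
$runKey = Get-Item -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($runKey) {
    foreach ($name in $runKey.GetValueNames()) {
        $data = [string]$runKey.GetValue($name)
        if ($data -match $pattern) { $findings += "Run key: $name = $data" }
    }
}

# Step five: leftover files under C:\WINDOWS and C:\WINDOWS\system32.
foreach ($dir in $env:windir, (Join-Path $env:windir 'System32')) {
    foreach ($file in $names) {
        $item = Get-Item -LiteralPath (Join-Path $dir $file) -Force -ErrorAction SilentlyContinue
        if ($item) { $findings += "Leftover file: $($item.FullName)" }
    }
}
if ($findings) { $findings } else { 'No indicators from the article were found.' }
```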

Relevant Knowledge

What is Relevant Knowledge?
Relevant Knowledge, also known as AdWare.Win32.RK.j [Kaspersky], Spyware.Marketscore [Symantec], Proxy-OSS [McAfee], is part of an online market research community relying on its members to gain valuable insight into Internet trends and behavior. In exchange for participating in periodic surveys on topics of interest to the Internet community, and for having their Internet browsing and purchasing activity monitored, Relevant Knowledge sponsors select software that its members can enjoy for free.

Relevant Knowledge tracks your purchases on the Internet and creates targeted popup ads on your local computer. It uses its own security certificate to route your secure purchase information through its servers, and with information you have supplied, it alters what you see while surfing on the net.

Do you have Relevant Knowledge?
If you have enough time and expertise, you can search your computer for Relevant Knowledge manually. However, it might take hours to find all the files of Relevant Knowledge, and it is possible that Relevant Knowledge will reappear after rebooting, because its hidden files may still be there.

Download automatic scanner for Relevant Knowledge
Spyware Cease – the technology-oriented security protection that provides a risk-free computing environment for your home and office – with detection, removal and guard in one intuitive and straight-forward interface. Only Spyware Cease gives you individual fix against the most dangerous spyware problems.

Manual Relevant Knowledge removal instructions
WARNING: The manual removal method is for advanced users. Removing Relevant Knowledge manually can be difficult and time-consuming. There is no guarantee that Relevant Knowledge can be completely removed, because hundreds of files are generated when Relevant Knowledge is installed on your system. Make sure to back up your computer in case you make a mistake and your system stops working.

Follow the instructions below to remove Relevant Knowledge manually:

Find and stop the Relevant Knowledge processes:
rlls182.exe
rlvknlg.exe

Find and remove the Relevant Knowledge registry entries:
HKEY_LOCAL_MACHINE\software\screensaver.com\relevant knowledge
HKEY_LOCAL_MACHINE\software\relevantknowledge
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\un relevantknowledge

Find and delete the Relevant Knowledge files:
[%SYSTEM%]\dompilot.dll
[%SYSTEM%]\ldpackage.dll
[%SYSTEM%]\model.dat
[%SYSTEM%]\opls.dll
[%SYSTEM%]\opnsqr.exe
[%SYSTEM%]\rk.bin
[%SYSTEM%]\rlls.dll
[%SYSTEM%]\rlvknlg.exe
[%SYSTEM%]\rlxf.dll
[%SYSTEM%]\cosscfg.exe
[%SYSTEM%]\silc_dll.dat
[%PROGRAM_FILES%]\relevantknowledge

What are the symptoms of Relevant Knowledge?

  • Relevant Knowledge may track users’ purchase information on the Internet
  • Relevant Knowledge may monitor users’ internet browsing activity
  • Relevant Knowledge may alter Internet web pages
  • Relevant Knowledge may create targeted popup ads

How do I keep away from Relevant Knowledge?
Once you have cleaned up Relevant Knowledge, the most important way to prevent Relevant Knowledge and future malicious programs from returning is to stay suspicious of spam e-mail attachments and unknown websites. Here are several ways in which you can help protect your computer against Relevant Knowledge and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as Spyware Cease
  • Only surf sites and download programs from web sites you trust

What is Adware?
Relevant Knowledge is a type of Adware.

Adware is a kind of software that displays or downloads advertisements to a computer after the software is installed or while the software is in use. These advertisements can be banners or pop up windows. Some types of adware may even collect the user’s information and display advertisements in the web browser according to the information collected.

Adware can slow down your PC by consuming large amounts of memory and CPU resources. Adware can also disrupt your Internet connection by using bandwidth to download advertisements. Meanwhile, your system may run inefficiently because most adware applications are not properly programmed.