Tuesday, April 19, 2011

More Malware Hunting

Still cleaning up after the "Windows Fix Disk" malware attack. Not only did it hide my files, but it also changed the background on my desktop. No biggie. I kinda like the new background.

I've found the Windows "Search" function to be a useful tool for the amateur exorcising malware. I've used it to find the location of malicious exe files and associated files. Instructions after the jump, with the standard disclaimer that I'm an amateur, so proceed at your own risk. As always, comments and corrections welcome.



Click "Start," then "Search." Search in "All files and folders." In "Search criteria," look in the hard drive. In the "When was it modified" section, select "Specify date." The current day's date should appear in the "from" and "to" boxes. If you've just been hit, that should do it. Click "Search."

The search will reveal all the files modified on that date, including the malicious files infesting your machine. When the search is complete, click on "Date Modified" on the upper line of the search results screen, and the results will be sorted by time. Look for files modified around the time of the malware attack. You should find the malware exe files (if you haven't already cleaned them off), their associated files, and the locations of both.

You can delete the offending files from the search results screen. But be cautious. Only delete a file if you're sure that it's malware-related. (I've found WFD exe files nesting in C:\Documents and Settings\All Users\Application Data.)
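
The same search as a PowerShell sketch, added here as an example and not part of the original post. It assumes a Windows version with PowerShell 3.0 or later; the function name `Find-RecentlyModified`, its parameters, the sample time and the output file name are all made up for illustration.

```powershell
# Added example: list files modified near a suspected infection time.
# Find-RecentlyModified and its parameter names are hypothetical.
function Find-RecentlyModified {
    param(
        [string] $Root = 'C:\',                        # drive or folder to search
        [Parameter(Mandatory)] [datetime] $Around,     # approximate time of the attack
        [int] $WindowMinutes = 60                      # minutes either side of $Around
    )
    $from = $Around.AddMinutes(-$WindowMinutes)
    $to   = $Around.AddMinutes($WindowMinutes)
    # Extensions that can run code; these rows deserve the first look.
    $runnable = '.exe', '.dll', '.scr', '.bat', '.cmd', '.vbs', '.js', '.lnk'

    # -Force includes hidden and system files, which matters when files were hidden.
    # -ErrorAction SilentlyContinue skips folders the current account cannot read.
    Get-ChildItem -LiteralPath $Root -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $from -and $_.LastWriteTime -le $to } |
        Sort-Object LastWriteTime |
        ForEach-Object {
            [pscustomobject]@{
                Modified      = $_.LastWriteTime
                Created       = $_.CreationTime
                MinutesOffset = [math]::Round(($_.LastWriteTime - $Around).TotalMinutes, 1)
                Runnable      = $runnable -contains $_.Extension
                Hidden        = $_.Attributes.HasFlag([IO.FileAttributes]::Hidden)
                SizeBytes     = $_.Length
                Path          = $_.FullName
            }
        }
}

# Constructed sample call: the date and time are placeholders, not values from the post.
$hits = Find-RecentlyModified -Root 'C:\' -Around '2011-04-19 14:30' -WindowMinutes 45
$hits | Format-Table -AutoSize

# Save the list before deleting anything, so there is a record of what was where.
$hits | Export-Csv -Path "$env:USERPROFILE\modified-files.csv" -NoTypeInformation
```

Windows updates and ordinary programs also write files around the same time, so the `Runnable` and `Hidden` columns only help order the review; they do not identify malware on their own.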
