As usual, I took the help of malware diagnosis tools like SysInternals, HijackThis, Security Task Manager and cmd (attrib commands), which turned out to give no specific output.

As it was a cookie tracker (notified by AV), I first deleted all the possible temp and cache files of the browsers (IE and Firefox) and the Regedit MRU cache as well. Observed: no difference even after doing it. It behaved the same as before, e.g. if you log in to some site, it automatically moves to the back page while the current session is running.

Further, searching the files randomly, I went into C:\RECYCLER and started deleting the files in the S-XX-XX-XX-1003 folder. As the above file is in system invisible format, I executed

    attrib -h -s * /s /d

to unhide all files and folders, and then deleted the files in it. I confirmed this as the root path because it was regenerating files with incremental numbers. After deleting the files, the PC worked normally.

Finally, after observing the Autoruns output, it's understood that Acrobat and Java need to be re-installed. I believe this spyware was not totally downloaded, else this tracking would be more serious and would be a fuzz for the PC user.

Cheers,
0xN41K

On Aug 3, 12:35 pm, Sandeep Thakur <[email protected]> wrote:
> Can you share with us the removal steps or precautions one needs to
> follow in case of this unknown threat/attack...
>
> Thanks
> Sandeep Thakur
