Hi everybody, please could someone tell me which files I need to
remove to get this scam off my computer and up and running again,
thanks.
%ALLUSERSPROFILE%\Application Data\<reverse string of the filename>.<reverse string of extension name>
For example, if the original file name is "malware.dll", the copy's name is "erawlam.lld".
Note: %ALLUSERSPROFILE% refers to a variable location that is determined by the malware by querying the operating system. The default location for the All Users Profile folder for Windows 2000, XP, and 2003 is "C:\Documents and Settings\All Users\Application Data". For Windows Vista and 7, the default location is "C:\ProgramData\Application Data".
Some variants of Trojan:Win32/Reveton create the following shortcut file in the Windows startup folder to ensure the trojan loads every time you log on:
<startup folder>\ctfmon.lnk, detected as Trojan:Win32/Reveton!lnk
Note: <startup folder> refers to a variable location that is determined by the malware by querying the operating system. The default installation location for the Startup folder for Windows 2000, XP, and 2003 is "%USERPROFILE%\Start Menu\Programs\Startup". For Windows Vista and 7, the default location is "%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup".
Manually clicking the shortcut will also run the trojan.
In some older variants of Trojan:Win32/Reveton, the trojan creates a shortcut file with the file name "<random file name>.dll.lnk"."
--
You received this message because you are subscribed to the Google Groups "FreeFixer User Forum" group.
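Added example, not part of the original post or of the description it quotes: a Python triage helper that scans a `dir /s /b` style file listing for the three artifacts described above (the reversed-name copy in the All Users Application Data folder, `ctfmon.lnk` in the Startup folder, and the older `.dll.lnk` shortcut). The function names, the sample listing and the choice to cover only the "dll" extension are assumptions made for illustration.

```python
import ntpath

# Directory suffixes taken from the default locations quoted in the post.
STARTUP_SUFFIX = "\\start menu\\programs\\startup"
ALLUSERS_SUFFIXES = ("\\all users\\application data", "\\programdata\\application data")
# Reversed extension -> original; only the post's "dll" example is covered (assumption).
REVERSED_EXTS = {"lld": "dll"}


def classify(path):
    """Return a reason string if the path matches the description, else None."""
    folder, name = ntpath.split(ntpath.normcase(path))
    if folder.endswith(STARTUP_SUFFIX):
        if name == "ctfmon.lnk":
            return "startup shortcut ctfmon.lnk"
        if name.endswith(".dll.lnk"):
            return "startup shortcut <name>.dll.lnk (older variants)"
    if folder.endswith(ALLUSERS_SUFFIXES):
        stem, ext = ntpath.splitext(name)
        original_ext = REVERSED_EXTS.get(ext.lstrip("."))
        if stem and original_ext:
            # Undo the reversal to show what the original file name would be.
            return "reversed-name copy of %s.%s" % (stem[::-1], original_ext)
    return None


def triage(listing):
    """Map each matching line of a `dir /s /b` style listing to its reason."""
    hits = {}
    for line in listing.splitlines():
        line = line.strip()
        reason = classify(line) if line else None
        if reason:
            hits[line] = reason
    return hits


# Constructed sample listing; none of these paths come from a real machine.
SAMPLE = r"""
C:\Documents and Settings\All Users\Application Data\erawlam.lld
C:\Documents and Settings\Bob\Start Menu\Programs\Startup\ctfmon.lnk
C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xkqz.dll.lnk
C:\Windows\System32\ctfmon.exe
C:\ProgramData\Application Data\notes.txt
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE).items():
        print(path, "->", reason)
```

A match is a lead to confirm with an anti-malware scanner before deleting anything, not proof of infection.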