This trojan puts winconfig.dll in the system32 directory. I’ve also seen something about winconfig.dll.vbs in some forums.
It also puts a360 under program files and several favorites & short cut links to the a360 program within program files.
Boot from cd or hook the infected drive up to another computer, search for and remove winconfig.dll, a360 folders & files. Download spybot search and destroy from safer-networking.org and update, then reboot in safemode and scan for issues with spybot search and destroy.
Also delete the pagefile.sys & hiberfil.sys. This one usually infects userinit.exe too. The only way you can scan userinit.exe is to use avast boot time scan or hook the hard drive up to another machine. If you erase userinit.exe you’ll run into the logon and immediate log off problem described here
Get the best Anti-virus program that we use by Clicking Here
Chelsea says:
I had antivirus 360 try to get into my system….it is telling me I have a virus…I have downloaded free antivirus spyware systems and they have not worked…
7th March 2009 at 10:17 pm
Mike says:
Are you restarting your computer in safe mode before running your scans? You should at least be in safe mode, I prefer safe mode with command prompt, but command prompt requires knowledge of specific commands and can be very challenging even for computer enthusiasts. To fix av360, I’ve always either booted into the recovery console, booted from boot cd such as BartPE, or I take the hard drive out of the infected machine and hook it up to a linux box to disinfect. Technically you could hook the hard drive up to another windows machine, but then you risk infecting your clean machine… Try downloading combofix.exe. When you download it, be sure to name it something else… like combofix1234.exe. AV360 stops you from running combofix.exe so you have to name it something else before you can run it. Same with the other antivirus programs… you have to rename them before you can run them when you have this infection.
Good luck! If you get stuck, call your local computer repair shop (Not the geek squad). Make sure you have whoever repairs the computer to make a clone or backup of all your files before they do anything. Some repairmen are in the habit of wiping your computer clean to “fix” the problem.
7th March 2009 at 11:07 pm