The latest tests on the Rapid Antivirus installation file reveal that, apart from adding links to pornographic sites on the desktop, it also generates random processes, files and folders, and entries in Windows startup. These names are alphanumeric, such as "20d9bed2a36a5497" or "6171a8609cdd2294".
The location of these folders could be "C:\Documents and Settings\[UserName]\Application Data", but they could be elsewhere as well, so it is better to search for them using the Windows search utility.

If you open the Task Manager (Ctrl+Shift+Esc) you may find such an alphanumeric process in the list. So the first step is to note down its name and then end it. Then look inside the Windows startup list; if you find a similar or a different entry, note it down too, and then uncheck it. These names will be needed for searching with the Windows search utility. Search for and delete folders and files with these names. Again, I assume that you are able to identify or differentiate between a legitimate file and a virus file. If you have any doubts, consult someone more accustomed to these things.

Here are some more names generated by Rapid Antivirus. These names could be folders, files, processes and registry entries. All of them are found in the %AppData% folder, that is, "C:\Documents and Settings\[UserName]\Application Data": 9152f213d1c14568, f67fa890fa209ff2, e3c9fc7e974b44c3, 224c0e8ac5a73fc2, d111ffbb509d7ef6.

It is obvious that these are all randomly generated, so each infected computer can end up with its own unique names. One thing the names have in common is that they are all 16 characters long. They may begin with a letter or a digit, but the random nature of the names can be easily identified.
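
The search described above can be automated. The following Python script is an added example, not part of the original post: it lists, without deleting anything, every file or folder under a directory whose name is 16 characters from 0-9 and a-f, a pattern assumed from the sample names listed here. The function names and the sample folder layout are constructed for the example.

```python
import re
import tempfile
from pathlib import Path

# Every sample name on this page is 16 characters drawn from 0-9 and a-f.
# Treating that as the pattern is an assumption based on those samples only.
NAME_RE = re.compile(r"[0-9a-f]{16}", re.IGNORECASE)


def find_candidates(root):
    """Return sorted paths under root whose name (extension ignored) matches.

    Nothing is deleted: the result is a list for a person to review,
    because a legitimate file can happen to fit the same pattern.
    """
    hits = []
    for path in Path(root).rglob("*"):
        # path.stem drops one extension, so "9152f213d1c14568.exe" also matches
        if NAME_RE.fullmatch(path.stem):
            hits.append(path)
    return sorted(hits)


def build_sample_tree(base):
    """Constructed sample layout standing in for an Application Data folder."""
    base = Path(base)
    (base / "9152f213d1c14568").mkdir()            # name taken from the page
    (base / "9152f213d1c14568" / "f67fa890fa209ff2.exe").write_bytes(b"")
    (base / "Microsoft").mkdir()                   # ordinary folder, no match
    (base / "Microsoft" / "settings.dat").write_bytes(b"")
    (base / "0123456789abcdeg").mkdir()            # 16 chars, but 'g' is not hex
    (base / "e3c9fc7e974b44c").mkdir()             # only 15 characters
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_candidates(build_sample_tree(tmp)):
            kind = "folder" if hit.is_dir() else "file"
            print(f"{kind}: {hit.relative_to(tmp)}")
```

To use it on a real machine, pass the Application Data path (or any other folder) to `find_candidates` and check each result by hand before removing anything.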