Can any of Sophos free tools remove desktop.ini from windows\assembly\gac folder?

Hi, I have spent the better part of this weekend trying to get rid of viruses, trojans, and rootkits that infiltrated my computer on Thursday, and I wasn't even on the Net that long. One must have gotten in there and then started randomly infecting areas. Anyway, I have been able to remove a lot of the culprits, but that Sirefef has locked in on some places, and the worst seems to be that C:\windows\assembly\gac\desktop.ini.

I don't know why not only Sophos (thanking them for the products and support) but a lot of other antivirus programs seem to eradicate most of the infection, yet the one I have really narrowed it down to seems to be doing the most damage, and, of course, it keeps reinventing itself even after supposedly being deleted by Avast, AVG, Malwarebytes, and other proggies.

So, does anyone have or has anyone run across any methods to disinfect a computer with that malady? If so, can it be done with Sophos stuff, or do I have to do that ComboFix procedure (would rather not, from my intuition)? Anyway, get back to this thread when you can and I will run some more Sophos stuff to keep attacking, haah, have to be on the offensive, psungman

  • Hi, I see there aren't any replies, but that's all right. I have started to post about information that I figure out in my dealings with digital demons and realms like recording. I somehow got infected last week and had a really rough time ridding my little desktop of the offensive.

    I have narrowed down which antivirus programs work and what is needed to rid the results of these attacks. First of all, I have no idea why people attach these things to stuff on the net... esp. why they do it; it serves absolutely no purpose to ruin the lives of others who are trying to learn or use the net for various purposes. They will be judged someday.

    Anyway, here is my 4 cents of wisdom. When you sense something is happening, like another site opening up you didn't ask for, arrest the moment immediately, esp. when there is an opportunity to click OK or Cancel. Having premised that, start your attempts to clean ASAP, as now I know the wording of virus and trojan as well as malware site redirecting. I didn't do that this time and paid a steep price in its receiving.

    Your own antivirus program is usually rendered unusable for some reason, though sometimes it seems to be doing some scanning. Malwarebytes is your first line of defense, along with offensives from Sophos, thanks, and their virus removal and rootkit proggies. Run some anti-rootkit stuff first, like TDSSKiller, as this seems to be the way most computers are infiltrated nowadays. Then, after writing down all the infections, keep a record; if they keep showing up after some of this rebooting, you are on your way. Now, when you get a particularly stubborn sickness like Sirefef, and those that get into the Windows assembly areas like the GAC and lock onto desktop.ini files, you have to use Avenger with the specific files to be deleted. ComboFix works that way also, but even though I know it is very powerful, it can wreak havoc on some 'puters, esp. when trying to get back on the Net. Now, the most significant worker was Dr.Web's CureIt. It seemed to genuinely, methodically find, eliminate, cure, and remove most of the pesky devils. I checked with all the aforementioned antiviral actors, and after using CureIt, most of the offenders had departed.

    Now, you have to rerun all the programs used early on, to check and recheck if you are somewhat free from their bit bondage. Oh, HitmanPro works somewhat well on in-between areas, but not like it has been praised. After you get the computer working fairly well, you need to repair some of the damage with Windows repair tools and set a new, fresh restore point. The only thing that puzzled me this time around was that I couldn't access the earlier restore points I had made; for some reason, the restoring never was completed. Makes you wonder why it takes this task on but you can't return the machine to an original spot where it was mean and clean.

    So, I will watch this thread occasionally to see if any wise men or women add to my 4 cents. May your digit using go well, and may you live longer and prosper, psungman

  • Hello psungman,

    this being "just" a forum and not a 24x7 support line, you can't expect immediate replies - especially on weekends.

    I understand that someone wants to get rid of nasties ASAP, but a methodical approach - even if it seems tedious and in some respects slow - usually produces better results.

    If your own (on-access/real-time) antivirus program is [...] rendered unusable, its vendor (whether commercial or free) should hear about it and might be interested in the details and perhaps some samples. Admittedly this is hard if you have access to only one computer - but then how do you obtain the "other tools" in this case? Running one or more "cleaners" might destroy useful evidence. Making the computer work again after an infection doesn't protect it in the first place (and also doesn't "immunize" it against the particular threat).

    As you've seen, Restore Points aren't a cure-all. Malware not only often deliberately removes RPs (which is otherwise a legitimate operation) but sometimes also takes advantage of them by placing itself there. Furthermore, RPs don't guarantee that the system was consistent at the time they were taken. Thus clearly only prevention can be the final answer, as a complete remediation is impossible.

    Christian
