freeliner

Everything posted by freeliner

  1. @yardbird sorry it took me so long to get back, I haven't been back here in a while. I thought I'd return because I've had to sort out a few people's computers that were infected with ESQUL.

     After I used Malwarebytes last time, I thought that I had got rid of the Google redirect and a few other things, but a full scan with Avira revealed that there were hidden registry keys (all with the ESQUL name), and Avira couldn't fix it. Since ESQUL is hidden from Windows (*I'll get to something interesting in a minute), I tried using an XP CD's recovery console to delete them. I found and deleted them and booted into Windows, but there was no change with the Avira scan, and they were present with different names when I went back into the recovery console.

     *Something interesting: When I was infected I was snooping around in the non-plug-and-play drivers section of the Device Manager (it was obvious to me this is how it's staying out of sight) and found a driver that didn't link to a file name after I opened it up. I'm not too hot on what should and shouldn't be in there, but every other driver linked to a filename. This raised my suspicions; I just wish I took a screenshot.

     After breaking out an old hard drive, I backed up the important stuff and ran ComboFix. I then re-installed Windows. This is what I've had to do to a few PCs recently. I understand the problems that may come with ComboFix, so I always make sure everything is backed up.

     Just to clarify: I don't charge for fixing PCs; they are all ones that I have built as presents for my family and 1 close friend (computer loner).

     Can you give me any info on the ESQUL please? I'm interested in its spreading techniques and system changes but can't find any technical details, as all the antivirus companies like to name them differently...

     Thanks
     Freeliner
  2. I caught the virus today. First off, a site wanted me to install a 'HD Compatible Flash player' (I didn't), which resulted in me catching the 'Google redirect' virus, then the System Security one after. Long story short, Malwarebytes would install but wouldn't run even if I changed the name. I ran it in compatibility mode for Windows 2000 and it worked. Because the virus was blocking access to malwarebytes.org, the update function wouldn't work until I changed the mirror (update location) so that it wasn't updating through malwarebytes.org.