Came across another interesting virus on a customers computer. It was having a problem when the customer connected it to their network it would cause other users to lose the connection. It was also causing everything to slow down on the network. I had run all the virus cleaning programs on the computer and everything seemed okay from it working on my repair bench. It was not running slowly and it was going on the internet just fine.
The customer had the computer back and called to let me know it was having the same problem again. I put the computer back on the bench and called the customer to find out what was happening on their end. They informed me that they had their IT department remote into it and scanned the system. I called their IT department and found that they had found the powelinks virus. I had never seen this before on the bench. So I started checking the internet with Google.
I finally found a website that had information about this virus. Here is a link to the website for the information http://www.adlice.com/poweliks-removal-with-roguekiller/ .This virus apparently attacks the processes in windows by inserting dllhost.exe files. What it does is insert various files in the registry that cause a number of dllhost.exe files to run. What they said to do was run Norton Power Eraser, RogueKiller and Sophos Virus Cleaner. I downloaded the Norton Power Eraser and Sophos Virus Cleaners off the internet. The RogueKiller was downloaded from Bleeping.com and did not take very long to download it.
First run the Norton Power Eraser and it will reboot the system. Next I ran the Sophos Virus Cleaner and then the RogueKiller program. It does an initial scan and then you run another scan. There are some tabs that you can click on to see if it found anything. It did find a number of infections in the registry and these were deleted. Rebooted the computer and reran all other scans. Rebooted into the normal mode and check the task manager. I did not see any of the dllhost.exe files any longer. It is best to let the customer connect this in their system to make sure all is running properly. Never go in the Registry and delete what you think is causing the problem. Just another sign of a shotgun technician. If it still has problems then I would recommend saving the data, wiping out the hard drive and reinstalling software fresh.
Thank You for reading.
No comments:
Post a Comment