Categories
Tech

AIM Virus Removal Instructions

Another Old Content Update. I'm not hosting the Automatic Removal Tool anymore, so who knows when the link will expire.

Realphx / TalkStocks ( AIM Virus ) Removal Instructions / Tools:

Download the Removal Tool (automated javascript) — Just download it and run it. (or just open it directly)

These may have appeared in your profile if you have been infected:

"Whoa….look what I found, click here"

OR

"I can't believe I found 'yourScreenName' Picture here"

Manual Removal Instructions:

  1. Press the CTRL, ALT, and DEL keys at the same time to bring up the task manager.
  2. Click on the processes tab (windows 2000/XP), and find 'b.exe', 'bbb.exe' or 'av.exe' and kill the process.
  3. Go to C:\Windows\ and delete 'b.exe' and 'bbb.exe' or 'av.exe' (or do a search for the virus: click Start > Search > look up each virus individually) Delete these when you find them.
  4. Click Start, then click on Run, type in "Msconfig" in the box and press ENTER.. When the box comes up, click on the "startup" tab and look for "b.exe" or "av.exe" listed (possibly listed under"antivirus") then uncheck the box to the left. (Windows 98/XP only)
  5. Clear your profile (or make a new one) and restart.
  6. When the msconfig box comes up after restart just check the box telling it not to come up again.

IMPORTANT: If you are seeing many other effects like "adult links" and extra toolbars in your Internet Explorer, the virus has also installed other programs called spyware and adware. To remove them download and run Spybot and Ad-Aware then update and run a full system scan with each.

 

Categories
Tech

Task Manager, msconfig, etc not working?

I noticed that I was having a lot of failed redirects for flamingcube.com for this file.  I decided to find the old archive and repost the information. For history's sake, here it his.

 These instructions are pretty long, so it might be worth printing them out. 


Here's the Fix:

  1. start computer (safe mode is not necessary)
  2. make a double rum and coke
  3. drink very fast then make another
  4. ok now for the fun part
  5. click start then run then type cmd and click ok.
  6. type the following line verbatim
  7. taskkill /im wuaumqr.exe /f
  8. the system will tell you that the task at whatever pid that is was loaded has been terminated.
  9. type exit
  10. launch windows explorer
  11. goto c:\documents and setting\all users\startmenu\programs\startup
  12. remove dcom.exe
  13. get another rum and coke we are just getting started
  14. run regedit
  15. click on my computer
  16. press control f (for find)
  17. type winsock2
  18. erase any setting that points to wuaumqr.exe only erase files that point to "wuaumqr.exe all other files are ok
  19. go back to top, click on my computer and press control f
  20. type wuaumqr.exe
  21. delete anyfiles that point to this location
  22. go back to my computer and press control f
  23. delete any files that point to dcom.exe (if any)
  24. get rum and coke, smoke cigarette
  25. exit registry
  26. click start then run the type msconfig and press enter
  27. uncheck the box pointing to wuaumqr.exe
  28. click apply then exit msconfig (ok)
  29. rum and coke
  30. click start then run the type cmd and press enter
  31. type cd\windows\system32
  32. type attrib wuaumqr.exe -h
  33. type del wuaumqr.exe
  34. type cd\
  35. type dir download_me.exe /s
  36. if this file exist on your computer goto that directory and type line 37
  37. attrib *.* -h -a -r
  38. type del.
  39. type cd\
  40. get rum and coke
  41. type dir dcom.exe /s /a
  42. if this file exists goto that directory and repeat steps 37 – 39
  43. type exit
  44. reboot system
  45. when system boots a message will pop up telling you that you are using a utility check the box marked "don't show me this message again, reboot system and get one more rum and coke for the evening