Thanks, at last, I've found a hole in the malware.
- Open the Ice Sword folder and then launch IceSword.exe.
- Then look in the left hand bottom of the program and press "Registry"
- When the registry list opens, drag the line between the two windows so you can see which registry hive you need.
- Next, open the HKEY_LOCAL_MACHINE, and navigate to the following key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- Next, look in the right side pane, and there should be one or two values that are just random nummbers.
- They points to random name numbered .exe inside a folder that is also random numbers.
- Once you have found the value(s), right click it and press "Delete"
- Okay the prompt and close IceSword.
Reboot the machine.
After reboot, the false alerts should have stopped.
Please download the current version of HijackThis from
HERE
- Double click and run the installer.
- It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
- After installing, you should get the user agreement, press accept and Hijack This will run.
- Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
............................................................................................Site Admin / Security AdministratorVirus Removal ~
OS Support ~
Have we helped you? Help us! ~
GeekChat - Please PM me if I fail to respond within 24hrs.