Omegasearch variants
mondi
Icrontian
Just a quick update to Dexter's guide:
As he mentioned, there are now variants spreading around. Looking at a few logs posted, there seems to be a pattern forming; here are the relevant lines:
O4 - HKLM\..\Run: [one face] C:\PROGRA~1\Style clock jugs\copy peak.exe
O4 - HKLM\..\Run: [SectCool] C:\PROGRA~1\Tray hide\ooze copy city.exe
O4 - HKLM\..\Run: [Play iso] C:\PROGRA~1\ENCMAI~1\frag wma.exe
04 - HKLM\..\Run: [Camp inter] D:\PROGRA~1\ONEFOURJUGS\Browse axis.exe
as you can see all of these follow the format:
O4 - HKLM\..\Run: + [random title]+ "PROGRA~1" + file name.exe
where the random title is made up of 2 words (no doubt designed to appear familiar to your typical internet user), the "Program Files" folder is truncated to PROGRA~1 (8.3 style), and the exe name is more than 1 word, with trailing spaces, again designed to appear "familiar".
Please read the updated removal info here and delete all files that follow the above pattern that you do not recognize.
This discussion has been closed.
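The three traits described in the post above (two-word title, `PROGRA~1` short path, multi-word exe name), written as a check over HijackThis O4 lines. This is an added example, not part of the original thread; the function names, the rule that a run-together title like "SectCool" counts as two words, and the two benign sample entries are assumptions made here.

```python
import re

# HijackThis startup entry: "O4 - HKLM\..\Run: [value name] command line".
# [O0] tolerates a zero typed for the letter O in hand-copied logs.
O4_RUN = re.compile(
    r"^[O0]4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<title>[^\]]*)\] (?P<cmd>.+)$")
EXE = re.compile(r"^(?P<path>.+?\.exe)(?=\s|$)", re.IGNORECASE)
# Assumption: a run-together title such as "SectCool" counts as two words.
WORD = re.compile(r"[A-Z]?[a-z]+|[A-Z]+(?![a-z])|\d+")

# The four entries quoted in the post, then two constructed benign entries.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [one face] C:\PROGRA~1\Style clock jugs\copy peak.exe
O4 - HKLM\..\Run: [SectCool] C:\PROGRA~1\Tray hide\ooze copy city.exe
O4 - HKLM\..\Run: [Play iso] C:\PROGRA~1\ENCMAI~1\frag wma.exe
04 - HKLM\..\Run: [Camp inter] D:\PROGRA~1\ONEFOURJUGS\Browse axis.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sample Tray] C:\PROGRA~1\SAMPLE~1\tray.exe
"""


def check_line(line):
    """Return the three pattern checks for an O4 Run line, or None if not one."""
    m = O4_RUN.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd").replace('"', "")
    e = EXE.match(cmd)                      # drop any arguments after the .exe
    path = e.group("path") if e else cmd
    parts = path.split("\\")
    exe_words = parts[-1].rsplit(".", 1)[0].split()
    return {
        "title": m.group("title"),
        "path": path,
        "two_word_title": len(WORD.findall(m.group("title"))) == 2,
        "short_program_files": len(parts) > 2 and parts[1].upper() == "PROGRA~1",
        "multi_word_exe": len(exe_words) > 1,
    }


def suspicious_entries(log_text):
    """Entries that show all three traits described in the post."""
    checks = ("two_word_title", "short_program_files", "multi_word_exe")
    results = (check_line(line) for line in log_text.splitlines())
    return [r for r in results if r and all(r[c] for c in checks)]
```

A hit only means the entry fits the described shape; as the post says, the decision to delete still rests on whether you recognize the program.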
Comments
I have added that info to the Update Page.
Dexter...