System Control Icon

  • Question

    My husband has Windows Vista and the computer downloaded this System Control program (mentioned in another thread here) and this morning when he rebooted and logged on to his computer, it basically infected his computer with a Trojan/Rogue virus. I've read up on this and this is what the internet search told me:

    It will modify Windows Registry and add the following entries:

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Uninstall\Control Center
    • HKEY_LOCAL_MACHINE\SOFTWARE\Control Center
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Control Center”
    • HKEY_CURRENT_USER\Software\Control Center

    The threat will create the following malicious files and folder:

    • %Program Files%\Control Center
    • %Documents and Settings%\All Users\Start Menu\Programs\Control Center
    • %Documents and Settings%\All Users\Application Data\Control Center

    The computer is brand Acer, and I've tried to do the Startup Restore with no luck... I've found that in theory we should be able to restore the computer to factory settings, but would rather not if we don't have to.

    The computer no longer will allow access into McAfee, Control Panel, the command prompt, or any of the things within Windows that we would need to try to remove it from within Windows. Would starting in Safe Mode help?

    How can we remove this virus?

    Monday, December 27, 2010 6:39 PM

Answers

  • Hi,

     

    I would like to provide the following suggestions:

     

    1. You may specifically give the Administrator the full permissions and then boot in Safe mode to run the antivirus software to remove the virus.

     

    2. Please contact your antivirus program manufacturer's support to see if they have a special update or tools to completely remove the viruses.

     

    3. Actually, the officially recommended method is still to format and re-install the compromised computer from a known good build (i.e. operating system CD + all security patches while disconnected from the network). For more information on hacking, please see these links:

     

    Help: I Got Hacked. Now What Do I Do?

    http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

     

    Help: I Got Hacked. Now What Do I Do? Part II

    http://www.microsoft.com/technet/community/columns/secmgmt/sm0704.mspx

     

    How A Criminal Might Infiltrate Your Network

    http://www.microsoft.com/technet/technetmag/issues/2005/01/AnatomyofaHack/default.aspx

     

    Malicious Software Removal Tool

    http://www.microsoft.com/security/malwareremove/default.mspx

     

    The Day After: Your First Response To A Security Breach

    http://www.microsoft.com/technet/technetmag/issues/2005/01/IncidentResponse

     

    4. You can also contact your antivirus vendor for assistance with identifying or removing virus or worm infections. If you need more help with virus-related issues, contact Microsoft Product Support Services.

     

    For information about Security updates, visit the Microsoft Virus Solution and Security Center for resources and tools to keep your PC safe and healthy. If you are having issues with installing the update itself, visit Support for Microsoft Update for resources and tools to keep your PC updated with the latest updates.

     

    I hope this helps. Thank you for your time and cooperation!

     

    (Please note that the newsgroups are staffed weekdays by Microsoft Support professionals to answer your non-urgent, break/fix systems and applications questions. Our goal is to provide 24 hour response to all questions. If this response time does not meet your needs, please contact Customer Service and Support (CSS) for more immediate assistance. For more information on available CSS services, please click here: http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607.)

     

    Regards,

     

    Sabrina


    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Sabrina Shen Monday, January 3, 2011 5:45 AM
    • Edited by Sabrina Shen Friday, April 6, 2012 3:35 AM PCSafety Center update
    Wednesday, December 29, 2010 6:08 AM

All replies

  • Since we know the registry entries and files that the trojan adds, just go to the PC registry (Start > Run > type regedit), navigate to the specified registry entries and delete them.

    Then navigate to the specified folder/file locations and delete them too.

    If the above fails, do a System Restore (Start > All Programs > Accessories > System Tools > System Restore) and select a date before the malfunction began.


    Tunde Abagun MCP,MCSA,MCTS,MCITP en p "for the love of Computers"
    Monday, December 27, 2010 9:59 PM
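
A read-only check for the registry entries and folders listed in the question, as an added example that is not part of any post in this thread. It assumes PowerShell is available on the machine (for example after booting into Safe Mode) and maps the "Documents and Settings" paths to their default Windows Vista locations.

```powershell
# Read-only check for the "Control Center" indicators quoted in the question.
# Nothing is modified or deleted. Run as the affected user (HKCU is per-user).

# Registry keys listed in the question. The first is written with the real
# key name "CurrentVersion" (the post shows it as "Current Version").
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Control Center',
    'HKLM:\SOFTWARE\Control Center',
    'HKCU:\Software\Control Center'
)

# Folders listed in the question, mapped to their Windows Vista locations
# (assumption: default profile layout, where "All Users" is %ProgramData%).
$folders = @(
    (Join-Path $env:ProgramFiles 'Control Center'),
    (Join-Path $env:ProgramData  'Microsoft\Windows\Start Menu\Programs\Control Center'),
    (Join-Path $env:ProgramData  'Control Center')
)

$findings = @()

foreach ($path in ($keys + $folders)) {
    if (Test-Path -LiteralPath $path) { $findings += $path }
}

# The autostart entry is a value named "Control Center" under the Run key.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'Control Center' -ErrorAction SilentlyContinue
if ($run) {
    $findings += "$runKey -> " + $run.'Control Center'
}

if ($findings.Count -eq 0) {
    'None of the listed indicators were found.'
} else {
    'Indicators present:'
    $findings | ForEach-Object { "  $_" }
}
```

The Run value's data, printed after the arrow, is the command launched at logon, which shows where the program's executable lives before anything is removed.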