A little M$ "fun" which I had to suffer to help a colleague.
The Trovi and Omiga monsters. It turned out it's a complete disaster to remove them.
First I installed SpyHunter with a patch (for obvious reasons). It scanned and cleaned out the registry, but the trovi remained in new tabs. Furthermore, the SpyHunter started killing the windows.
So, here's the deal:
0. Install SpyHunter and let it remove the malware and adware from the registry. If at this point everything is ok, just uninstall SpyHunter and go to step 7. Else, go to 1.
1. Start Windows in SafeMode with Network.
2. Try removing Trovi and Omiga from Add/Remove Programs (or whatever its name is in win 7)
3. Go to "http://support.microsoft.com/mats/Program_Install_and_Uninstall" and use the script to remove everything you want to remove.
4. Go to Program Files (or Program Files x86) and remove the folders of the programs you managed to uninstall.
For example, I wanted to remove SpyHunter.
So I uninstalled it with the script, then I removed its folder from Program Files x86.
Then :
5. Start->msconfig
6. Go trough the tabs and clean everything you find unwanted (google whatever you're not sure for)
Especially, go trough StartUp and Services.
Click Apply.
Restart.
You can find more on this here.
So ideally, with this we have successfully removed SpyHunter.
Then, in the case of this computer, one could still see Trovi when hitting New Tab in Mozilla. To remove this: 7. Start->Command Prompt
8. cd C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\XXX.default (this is the profile folder you find by typing in start)
9. findstr /m /s /i trovi *.*
findstr turned out to be the only practical way to find the files which contain certain word, in our case "trovi"
So you get a list of the suspicious files.
10. Edit with Notepad replacing "trovi.com" with say "google.com"
- prefs.js
- search-metadata.json /here you can as well delete all the unwanted things, just keep in mind to match all the {}
11. Additionally, you might want to check all your Shortcuts to Firefox (Desktop, Start Menu etc) right-clicking and selecting Properties. There, in the "Target" and "Start In" fields, you might find some long string containing "trovi", "omiga" and other stuff. Just remove everything after .exe and close with a " (you need to have one " in the beginning and one " in the end of the field.
Click ok/apply and do it for all the shortcuts you see this long string leading to Trovi.
Ideally, this should get rid of the idiotic adware (or malware or spyware, don't know what it is). Even more ideally, please use Linux, because your colleagues usually have better things to do than wasting days on helping you clean up your Windows.
The Trovi and Omiga monsters. It turned out it's a complete disaster to remove them.
First I installed SpyHunter with a patch (for obvious reasons). It scanned and cleaned out the registry, but the trovi remained in new tabs. Furthermore, the SpyHunter started killing the windows.
So, here's the deal:
0. Install SpyHunter and let it remove the malware and adware from the registry. If at this point everything is ok, just uninstall SpyHunter and go to step 7. Else, go to 1.
1. Start Windows in SafeMode with Network.
2. Try removing Trovi and Omiga from Add/Remove Programs (or whatever its name is in win 7)
3. Go to "http://support.microsoft.com/mats/Program_Install_and_Uninstall" and use the script to remove everything you want to remove.
4. Go to Program Files (or Program Files x86) and remove the folders of the programs you managed to uninstall.
For example, I wanted to remove SpyHunter.
So I uninstalled it with the script, then I removed its folder from Program Files x86.
Then :
5. Start->msconfig
6. Go trough the tabs and clean everything you find unwanted (google whatever you're not sure for)
Especially, go trough StartUp and Services.
Click Apply.
Restart.
You can find more on this here.
So ideally, with this we have successfully removed SpyHunter.
Then, in the case of this computer, one could still see Trovi when hitting New Tab in Mozilla. To remove this: 7. Start->Command Prompt
8. cd C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\XXX.default (this is the profile folder you find by typing in start)
9. findstr /m /s /i trovi *.*
findstr turned out to be the only practical way to find the files which contain certain word, in our case "trovi"
So you get a list of the suspicious files.
10. Edit with Notepad replacing "trovi.com" with say "google.com"
- prefs.js
- search-metadata.json /here you can as well delete all the unwanted things, just keep in mind to match all the {}
11. Additionally, you might want to check all your Shortcuts to Firefox (Desktop, Start Menu etc) right-clicking and selecting Properties. There, in the "Target" and "Start In" fields, you might find some long string containing "trovi", "omiga" and other stuff. Just remove everything after .exe and close with a " (you need to have one " in the beginning and one " in the end of the field.
Click ok/apply and do it for all the shortcuts you see this long string leading to Trovi.
Ideally, this should get rid of the idiotic adware (or malware or spyware, don't know what it is). Even more ideally, please use Linux, because your colleagues usually have better things to do than wasting days on helping you clean up your Windows.
Няма коментари:
Публикуване на коментар