W32/Conficker!mem Trojan cannot be removed from the svchost.exe file.

W32/Conficker!mem Trojan removal

A few computers in my office got infected with this virus because of a mistake by some team members. I tried to remove the virus using Stinger, but Stinger was not able to remove it. I used McAfee, and with the latest virus definition update McAfee was able to protect my system, but it started giving me a buffer overflow protection message for the svchost.exe file in Windows.

I tried to remove the virus from the file using McAfee but did not have any success, nor with Kaspersky. Every time I scanned my system I got a message that the virus was attached to the svchost.exe file. Finally I came up with a solution: replacing the svchost.exe file in system32 with the one from a new, healthy computer, and that worked out of the box.

You will not be able to do this directly, so here is a short method for it.
1) Install a new, similar operating system in a virtual machine, or wherever you can.
2) Copy the svchost.exe file from its c:\windows\system32 folder to your computer.
3) Open the c:\windows\system32 folder of your computer.
4) Find your svchost.exe file and rename it svchost_old.exe.
5) Copy the new svchost.exe file into the c:\windows\system32 folder.
6) Make sure to delete all the scheduled tasks from the C:\windows\tasks folder. Remove the tasks you created yourself as well; you can make them again, but don't take the chance of starting this problem again in your operating system.
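Before and after the swap in steps 4 and 5, a hash comparison tells you whether the file on disk differs from the clean copy at all (if it does not, replacing it cannot change what the scanner reports), and a file-version check enforces the "similar operating system" requirement of step 1. The PowerShell below is an added example, not code from the original post; it assumes an elevated PowerShell session on the infected machine and that the clean copy from step 2 was saved at the placeholder path D:\clean\svchost.exe. The function names are mine.

```powershell
# Added example, not from the original post. Placeholder: where the clean copy
# from step 2 was saved. Run in an elevated PowerShell on the infected PC.
$CleanCopy = 'D:\clean\svchost.exe'
$Target    = Join-Path $env:SystemRoot 'system32\svchost.exe'
$TasksDir  = Join-Path $env:SystemRoot 'Tasks'

function Get-Sha256Hex {
    # SHA-256 of a file as an upper-case hex string (works on PowerShell 2.0+).
    param([string]$Path)
    $sha   = [System.Security.Cryptography.SHA256]::Create()
    $bytes = $sha.ComputeHash([System.IO.File]::ReadAllBytes($Path))
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Test-SameFileHash {
    # $true when both files hash the same: the file on disk is already identical
    # to the clean copy, so replacing it would change nothing.
    param([string]$Path, [string]$Reference)
    $local = Get-Sha256Hex $Path
    $clean = Get-Sha256Hex $Reference
    Write-Host "local : $local"
    Write-Host "clean : $clean"
    return $local -eq $clean
}

function Test-SameFileVersion {
    # Step 1 asks for a similar OS: the file versions must match, or the services
    # hosted by svchost.exe may fail to start after the swap.
    param([string]$Path, [string]$Reference)
    $v1 = (Get-Item $Path).VersionInfo.FileVersion
    $v2 = (Get-Item $Reference).VersionInfo.FileVersion
    Write-Host "local version: $v1   clean version: $v2"
    return $v1 -eq $v2
}

function Get-LegacyTaskFiles {
    # Step 6: the .job files in %SystemRoot%\Tasks. Review the list before deleting.
    param([string]$Dir)
    Get-ChildItem -Path $Dir -Filter '*.job' -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Select-Object Name, LastWriteTime, Length
}

function Update-Svchost {
    # Steps 4 and 5: keep the old binary as svchost_old.exe, then copy the clean
    # one in. Refuses to act when the versions differ or the hashes already match.
    param([string]$Path, [string]$Reference)
    if (-not (Test-SameFileVersion $Path $Reference)) {
        throw 'Version mismatch: copy svchost.exe from the same OS build and service pack.'
    }
    if (Test-SameFileHash $Path $Reference) {
        Write-Host 'Hashes already match; the file on disk is identical to the clean copy.'
        return
    }
    Rename-Item -Path $Path -NewName 'svchost_old.exe'
    Copy-Item -Path $Reference -Destination $Path
    $ok = Test-SameFileHash $Path $Reference
    Write-Host "Replaced. Hashes now match: $ok"
}

Get-LegacyTaskFiles $TasksDir | Format-Table -AutoSize
Update-Svchost $Target $CleanCopy
```

Everything except Update-Svchost is read-only, so run the task listing and the two Test- functions first and the replacement last. On Vista and later the files in system32 are owned by TrustedInstaller, so the rename fails until ownership is taken (takeown and icacls); the original post describes an XP-era machine where the administrator can write there directly.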

After doing all this, make sure you update your computer with the latest virus definitions, or at least install this update for your computer: http://www.microsoft.com/downloads/details.aspx?familyid=0D5F9B6E-9265-44B9-A376-2067B73D6A03&displaylang=en

I am assuming you have a fully working, updated antivirus on your system before doing this. If not, please go ahead and get a working antivirus for your computer. If you don't want to buy one, or you don't know where you can get an antivirus for free, visit www.raymond.cc; he is a good guy who provides many programs free of cost.

I hope this was useful for you and that you liked it.

Thanks for being here.


Remove All Programs from the Start Menu for all users other than the administrator user, without changing the registry or group policy

In one project a client said he did not want to allow All Programs access to any user except the administrator user on a local machine. I had done this before, but only for users who log in to a domain. I tried to do it using group policy, but on a local computer a group policy change affects all users, and I could not make any big change that could cause a critical issue for them on a live server.

After some time I tried a tweak, and that did work; here is the tweak.

They also told me that they did not want to allow any user access to any drive in the computer; that came as an additional benefit of the task above.

Here is the work that I did.

1) I denied read and write permission on the C drive for all users other than the administrator.
2) I copied all the folders/files from the All Users All Programs/Start Menu folder and pasted them into the administrator user's All Programs folder.

Here is the procedure for that.

1) Log in as the administrator user.
2) Click Start, then right-click All Programs.
3) Open All Users.
4) It will open a folder containing the Programs folder and maybe other software installed for all users.
5) Click Start, then All Programs, then right-click Startup under the administrator user and click Open.
6) Make sure not to click Open All Users.
7) It will open the Startup folder of the administrator user.
8) Go one folder up; that is the Programs folder for the administrator user.
9) Cut the Programs folder from the folder opened in step 4 (the All Users start menu) and paste it into the administrator user's Programs folder (the administrator start menu).
10) You will be able to see all the programs in the administrator user's start menu, but if you log in as any other user you will not have access to any program other than those in that user's own start menu.
11) To make sure other users cannot get at the Programs folder of the Start Menu at all, you can disable other users' access to the root drive. It will stop them from accessing the shortcuts, but they can use the system without any problem.
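The same procedure as a script, added here as an example and not the original post's own method. It merges the All Users Programs folder into the administrator account's Programs folder file by file, so existing subfolders combine instead of nesting a second "Programs" folder (step 9 moves the folder whole), and then applies step 11 with icacls. The two folder locations are resolved through the Windows shell (CSIDL_COMMON_PROGRAMS and CSIDL_PROGRAMS), so the script does not depend on the profile layout of a particular Windows version; the account names in $Others are placeholders and the function names are mine.

```powershell
# Added example, not from the original post. Run elevated as the administrator
# account that should keep the shortcuts. $Others is a placeholder list of the
# local accounts that should lose the shortcuts and root-drive access.
$shell            = New-Object -ComObject Shell.Application
$AllUsersPrograms = $shell.NameSpace(0x17).Self.Path   # CSIDL_COMMON_PROGRAMS: All Users\Start Menu\Programs
$AdminPrograms    = $shell.NameSpace(0x02).Self.Path   # CSIDL_PROGRAMS: this account's Start Menu\Programs
$Others           = @('user1', 'user2')                # placeholder account names
$Root             = 'C:\'

function Move-AllUsersShortcuts {
    # Steps 3 to 10: move every file under the All Users Programs folder to the
    # same relative path under the administrator's Programs folder. A file that
    # already exists at the destination is left alone (Move-Item reports it).
    param([string]$From, [string]$To)
    Get-ChildItem -Path $From -Recurse |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $relative = $_.FullName.Substring($From.Length).TrimStart('\')
            $dest     = Join-Path $To $relative
            New-Item -ItemType Directory -Path (Split-Path $dest -Parent) -Force | Out-Null
            Move-Item -Path $_.FullName -Destination $dest
        }
}

function Block-RootDriveAccess {
    # Step 11: deny read and write on the root folder object only. Without the
    # (OI)(CI) inheritance flags the deny does not flow down into \Windows or the
    # profile folders, so the other accounts can still log on and run programs;
    # they just cannot browse C:\ to reach the shortcuts. The deny is placed per
    # account rather than on the Users group, which the administrator is also in.
    param([string]$Drive, [string[]]$Users)
    foreach ($u in $Users) {
        icacls $Drive /deny "${u}:(R,W)"
    }
}

Move-AllUsersShortcuts -From $AllUsersPrograms -To $AdminPrograms
Block-RootDriveAccess -Drive $Root -Users $Others
icacls $Root   # show the resulting ACL, deny entries first
```

The empty folder tree left behind under All Users is harmless and can be removed afterwards. Test the deny on one account before applying it to the rest: the account should still log on and start programs from its own Start Menu, but browsing to C:\ in Explorer should be refused.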

I hope this was useful for you.
