Monday 28 November 2011

Google redirect get-answers-fast.com.

 
Rootkit.boot.SST.B/SST.A AKA MAXSS removal.
The get-answers-fast.com Google search redirect is caused by a newer variant of TDL4, the MAXSS (aka Rootkit.Boot.SST.B/SST.A) rootkit. This rootkit does not allow TDSS Killer to execute, and running a GMER scan gives the error message shown below.
[Screenshot: GMER error message]
The rootkit loads using its own partition on the HDD, so running a fixmbr command will not help. One way to deactivate the rootkit is to boot from Paragon Partition Manager or Hiren's Boot CD and set the rootkit's partition to inactive.
A screenshot of the partition used by the rootkit is given below.
[Screenshot: partition used by the rootkit]
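To make the active-partition point concrete, here is an added example of my own; it is not code from the original post or from any of the tools it names. It parses a classic MBR partition table, shows which entry carries the 0x80 active flag, reports a small active partition that sits after the main volume (a heuristic, consistent with the post's description of the rootkit booting from its own partition, and chosen so that the normal small "System Reserved" partition at the start of a Windows disk is not flagged), and produces a copy of the sector with the active flag moved back to the OS partition, which is the same change the post makes with a partition manager. The sample MBR is constructed inline; on a real machine sector 0 would be read from the physical disk with administrator rights, and any write-back belongs on a boot CD as the post describes. The 64 MiB threshold and the assumption that the largest volume is the OS volume are mine.

```python
import struct
from dataclasses import dataclass
from typing import List

SECTOR = 512
MBR_SIGNATURE = b"\x55\xAA"
PART_TABLE_OFFSET = 446           # four 16-byte entries at bytes 446..509
ENTRY_SIZE = 16
ACTIVE_FLAG = 0x80
GPT_PROTECTIVE = 0xEE
# Heuristic threshold (assumption): active partitions of 64 MiB or less are candidates.
SMALL_PARTITION_SECTORS = 64 * 1024 * 1024 // SECTOR


@dataclass
class PartitionEntry:
    index: int        # slot 0..3 in the partition table
    active: bool      # status byte == 0x80: the MBR boot code chains to this partition
    type_id: int      # partition type byte, e.g. 0x07 = NTFS/exFAT
    lba_start: int    # first sector (LBA)
    sectors: int      # length in sectors


def parse_mbr(mbr: bytes) -> List[PartitionEntry]:
    """Decode the partition table of a classic (non-GPT) MBR sector."""
    if len(mbr) < SECTOR or mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("not a valid MBR: boot signature 55AA missing")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * ENTRY_SIZE
        # entry layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
        status, type_id, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if type_id == 0:
            continue                                  # empty slot
        if type_id == GPT_PROTECTIVE:
            raise ValueError("GPT protective MBR: the real table lives in the GPT")
        entries.append(PartitionEntry(i, status == ACTIVE_FLAG, type_id, lba_start, sectors))
    return entries


def suspicious_entries(entries: List[PartitionEntry]) -> List[str]:
    """Heuristic: report a small active partition appended AFTER the main volume.

    A legitimate System Reserved partition is also small and active, but it
    precedes the OS volume, so it is not reported by this rule.
    """
    findings = []
    if not entries:
        return findings
    main = max(entries, key=lambda e: e.sectors)   # assumption: largest volume is the OS volume
    for e in entries:
        if e is main or not e.active:
            continue
        if e.sectors <= SMALL_PARTITION_SECTORS and e.lba_start > main.lba_start:
            mib = e.sectors * SECTOR // (1024 * 1024)
            findings.append(f"entry {e.index}: active flag on a {mib} MiB partition "
                            f"(type 0x{e.type_id:02X}) after the main volume at LBA {e.lba_start}")
    return findings


def set_active_partition(mbr: bytes, active_index: int) -> bytes:
    """Copy of the sector in which only entry `active_index` carries the 0x80 flag.

    The boot code is untouched (which is why fixmbr alone does not help); only
    the partition the boot code chains to changes.
    """
    out = bytearray(mbr)
    for i in range(4):
        off = PART_TABLE_OFFSET + i * ENTRY_SIZE
        if out[off + 4] == 0:                         # type byte 0: empty slot, leave it
            continue
        out[off] = ACTIVE_FLAG if i == active_index else 0x00
    return bytes(out)


def _entry(status: int, type_id: int, lba_start: int, sectors: int) -> bytes:
    return struct.pack("<B3xB3xII", status, type_id, lba_start, sectors)


def constructed_sample_mbr() -> bytes:
    """Constructed sample, not a capture: a ~97 GiB NTFS OS volume followed by a
    10 MiB partition that has been given the active flag."""
    mbr = bytearray(SECTOR)
    table = (_entry(0x00, 0x07, 2048, 204_800_000)            # entry 0: OS volume, inactive
             + _entry(ACTIVE_FLAG, 0x07, 204_802_048, 20_480)  # entry 1: small, active, at the end
             + bytes(2 * ENTRY_SIZE))                          # entries 2 and 3 empty
    mbr[PART_TABLE_OFFSET:PART_TABLE_OFFSET + 4 * ENTRY_SIZE] = table
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


if __name__ == "__main__":
    sample = constructed_sample_mbr()
    for finding in suspicious_entries(parse_mbr(sample)):
        print("SUSPICIOUS:", finding)
    repaired = set_active_partition(sample, 0)
    print("after repair:", suspicious_entries(parse_mbr(repaired)) or "nothing flagged")
```

Moving the active flag only breaks the boot chain into the extra partition; its contents are still on the disk, so the cleanup with TDSS Killer or AVP described below is still needed, and the partition itself should be removed once the system is clean.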
The only tools that can clean this up from user mode are TDSS Killer and the AVP tool from Kaspersky, but neither will run unless it is patched. Here is a patched version of TDSS Killer:
http://tinyurl.com/maxssfix

A screenshot is given below for reference.
[Screenshot: patched TDSS Killer]
In case the infection reoccurs, we have to end the callbacks to the other partition and remove them. We can use RootRepeal to do this as follows.
[Screenshots: RootRepeal steps for removing the callbacks]
Run TDSS Killer or AVP now and remove the infection.
Thanks
Tausif

Monday 21 November 2011

Unable to copy/paste/drag/drop files in windows

1: Open Internet Options, go to Security → Custom level → and check whether drag and drop / copy and paste of files is enabled.
2: If it is already enabled, then try to remove all infections and replace the shell32.dll file located at %systemroot%\system32 with a copy from dlldump.com or any other secure source for the corresponding operating system.
