Pages from the lab book of a PC tech: analysis and eradication of the destructive Trojan.Win32.Weelsof virus.

A new associate came by the office yesterday, carrying her suffering computer along with her. She described regular warnings from her anti-virus software, Avast!, reporting possible corruption within the `C:\ProgramData` directory. She added that the alerts pointed out dodgy processes attempting to use system resources to communicate with an external website: urbangood.info.

I'll take a quick moment here to bring up the anti-virus software Avast!. I recommend Avast! to every one of my customers and family. I include it in a collection of essential tools I use on a day-to-day basis when repairing computers. It's easy to see why Avast! retains very high ratings on the CNET software download site. Not only does the team regularly update the software with the most current virus definitions, but the user support is nearly unrivaled.

Alright, proceeding with the fix. To begin with, I update and run a quick scan with the anti-virus software currently installed on the system, Ikarus. Confirmed: the Ikarus scan reports the presence of the Trojan.Win32.Weelsof trojan.

A quick word concerning Trojan.Win32.Weelsof, the formal name of a vicious trojan linked with notorious ransomware, such as the UKASH virus, known for intimidating computer users into paying cash to have control of their computers returned. The malware's functionality includes spying on the infected PC, sending out confidential information, and installing or executing other malware fetched from a remote server.

Indications of infection include computer operations slowing to a halt, in addition to the appearance of dodgy files and processes located specifically in the `C:\ProgramData` directory. Numerous computer users acquire the malware through:

1. Drive-by scripts located on corrupted shareware and freeware sites and downloaded to the computer with no knowledge or consent.
2. Clicking suspicious pop-ups or hyperlinks.
3. Launching email attachments from unidentified origins.

I proceed to download, to the afflicted computer, my array of handy PC repair tools, which include Avast!, OTL, ComboFix, MalwareBytes and TDSSKiller. The first action toward eliminating this virus is performing an OTL diagnostic. The OTL analysis reveals unwanted files located in the `C:\ProgramData` and `C:\Users\[user]\AppData\Roaming` directories, Alternate Data Streams in the `C:\ProgramData` and `C:\Users\[user]\AppData\Local` directories, and needless web browser toolbars. Taking into account the latest malware definitions, I'm relatively positive the dodgy files and Alternate Data Streams in `C:\Users\[user]\AppData\Roaming` and `C:\Users\[user]\AppData\Local` are not created by the Trojan.Win32.Weelsof virus – they need elimination nevertheless.
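For a tech who wants to see those Alternate Data Streams for themselves before trusting any one scanner, here is an added PowerShell example (my own, not part of the original post or any of the tools named above) that lists every non-default NTFS stream under the three directories the OTL scan flagged. It assumes the paths as written in the post, resolves `[user]` from the current profile, and is run from an elevated prompt on the infected machine.

```powershell
# Added example: enumerate non-default NTFS Alternate Data Streams under the
# directories the OTL scan flagged, so each one can be reviewed before cleanup.
# Assumes the paths named in the post; [user] is taken from the current profile.
$targets = @(
    'C:\ProgramData',
    (Join-Path $env:USERPROFILE 'AppData\Roaming'),
    (Join-Path $env:USERPROFILE 'AppData\Local')
)

# ':$DATA' is the file's normal content; 'Zone.Identifier' is the mark-of-the-web
# that Windows adds to downloads. Anything else is worth a closer look.
$benign = @(':$DATA', 'Zone.Identifier')

$findings = foreach ($dir in $targets) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # -Stream * returns one record per stream attached to the file
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $benign -notcontains $_.Stream } |
                ForEach-Object {
                    [pscustomobject]@{
                        Path      = $file.FullName
                        Stream    = $_.Stream
                        Bytes     = $_.Length
                        LastWrite = $file.LastWriteTime
                    }
                }
        }
}

# Newest streams first: those are the ones most likely tied to the current infection.
$findings | Sort-Object LastWrite -Descending | Format-Table -AutoSize

# Keep a record for the lab book before any fix script removes the evidence.
$findings | Export-Csv -NoTypeInformation -Path (Join-Path $env:TEMP 'ads-findings.csv')
```

To inspect a single suspicious stream's bytes before deciding, `Get-Content -LiteralPath <Path> -Stream <Stream> -Encoding Byte -TotalCount 64` shows its header without executing anything.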

I produce an OTL fix script and run it. The OTL log reports a clean system.

I restart the PC and it starts to operate faultlessly.

Posted in Virus, Malware And Spyware Removal
