Problem with rofl.sys

Status
Not open for further replies.
I have been getting nonstop McAfee notices that rofl.sys has been infected by the NTRootKit-P virus, and that it's been cleaned. I've tried pretty much everything, and I can't get rid of it. Could someone please help me?
 
Trend Micro solution:

Solution:

Identifying the Malware Program

To remove this malware, first identify the malware program.

1. Scan your system with your Trend Micro antivirus product.
2. NOTE the path and file name of all files detected as TROJ_ROOTKIT.AE.

Trend Micro customers need to download the latest virus pattern file before scanning their system. Other users can use Housecall, the Trend Micro online virus scanner.

Restarting in Safe Mode

• On Windows 2000

1. Restart your computer.
2. Press the F8 key when you see the Starting Windows bar at the bottom of the screen.
3. Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.

• On Windows XP

1. Restart your computer.
2. Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen.
3. Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.

• On Windows Server 2003

1. Restart your computer.
2. When you are prompted to select the operating system to start, press F8.
3. On the Windows Advanced Option menu, use the arrow keys to select Safe Mode, and then press Enter.

Deleting the Malware File(s)

1. Right-click Start then click Search... or Find..., depending on the version of Windows you are running.
2. In the Named input box, type the name of the file(s) detected earlier.
3. In the Look In drop-down list, select the drive that contains Windows, then press Enter.
4. Once located, select the file then press Delete.

Editing the Registry

This malware modifies the system's registry. Users affected by this malware may need to modify or delete specific registry keys or entries. For detailed information regarding registry editing, please refer to the following articles from Microsoft:

1. HOW TO: Backup, Edit, and Restore the Registry in Windows 2000
2. HOW TO: Back Up, Edit, and Restore the Registry in Windows XP and Server 2003

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing at startup. In this procedure, you will need the name(s) of the file(s) detected earlier.

If the registry entries below are not found, the malware may not have executed as of detection. If so, proceed to the succeeding solution set.

1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
2. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services
3. In the right panel, locate and delete the entry or entries whose data value is the malware path and file name of the file(s) detected earlier.
4. Close Registry Editor.

Important Windows XP Cleaning Instructions

Users running Windows XP must disable System Restore to allow full scanning of infected systems.

Users running other Windows versions can proceed with the succeeding procedure set(s).

Running Trend Micro Antivirus

If you are currently running in safe mode, please restart your system normally before performing the following solution.

Scan your system with Trend Micro antivirus and delete files detected as TROJ_ROOTKIT.AE. To do this, Trend Micro customers must download the latest virus pattern file and scan their system. Other Internet users can use HouseCall, the Trend Micro online virus scanner.
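
As an added example (not part of the post above and not Trend Micro's tooling), the Services check from the "Removing Autostart Entries" steps can be run offline against a text export of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services made with Registry Editor. A driver service stores its path in the ImagePath value, often as REG_EXPAND_SZ, which the export writes as continued hex(2) lines that a plain text search misses. The service name, the path and the export excerpt below are constructed; only the file name rofl.sys comes from this thread.

```python
import re

# Constructed sample (not from a real machine) in the text format regedit
# writes when exporting HKLM\SYSTEM\CurrentControlSet\Services. The service
# name "rofl" and the path inside the hex(2) data are assumptions.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep]
"Type"=dword:00000001
"ImagePath"="system32\\drivers\\beep.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rofl]
"Type"=dword:00000001
"Start"=dword:00000001
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
  44,00,4f,00,57,00,53,00,5c,00,72,00,6f,00,66,00,6c,00,2e,00,73,00,79,00,73,\
  00,00,00
'''

def decode_value(raw):
    """Decode a quoted string or hex(2) (REG_EXPAND_SZ) value; None otherwise."""
    if raw.startswith('"'):
        return re.sub(r'\\(.)', r'\1', raw[1:-1])   # undo .reg escaping
    if raw.startswith('hex(2):'):
        data = bytes(int(b, 16) for b in raw[7:].split(',') if b.strip())
        return data.decode('utf-16-le', errors='replace').rstrip('\x00')
    return None

def find_services(export_text, detected_names):
    """Return [(service key, ImagePath)] for paths naming a detected file."""
    pats = [re.compile(r'(^|[\\/])' + re.escape(n.lower()) + r'($|[\s"])')
            for n in detected_names]
    text = re.sub(r'\\\r?\n\s*', '', export_text)   # join continued hex lines
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and line.lower().startswith('"imagepath"='):
            path = decode_value(line.split('=', 1)[1])
            if path and any(p.search(path.lower()) for p in pats):
                hits.append((key, path))
    return hits

if __name__ == '__main__':
    # For a real Version 5.00 export, read the file with encoding='utf-16'.
    for key, path in find_services(SAMPLE_EXPORT, ['rofl.sys']):
        print(key, '->', path)
```
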
 