Last night I had a client with a rather large malware infection on his PC. The client previously stated that if I could fix the issue in 1.5 hours or less he would hire me. Of course, I said I could!
90% of the malware was easily removed with MalwareBytes Anti-Malware, and then I loaded Avira AntiVirus version 8 (AVG once again failed to install…man…AVG needs a new installer).
Avira AntiVirus found what MalwareBytes did not…a nasty little bug called TR/Trash.gen. Trash.gen, I think, was some sort of Vundo infection. It was located in system32 and had a file format of xxxxxxxx.dll. This Trojan was locked…very locked, and could not be removed with any AV/AM scanner.
When I encounter Trojans that are as protected as this one I have 3 options that will allow me to manually remove locked malware. I will create some quick YouTube vids to show you how to use each of these tools tonight.
- FileAssassin tool inside of MalwareBytes Anti-Malware
- Pocket KillBox
- UBCD4Win
Choices 1 and 2 work about 90% of the time, and choice 3 has worked 100% of the time. I used UBCD4Win on last night’s call to get rid of TR/Trash.gen.
Locked / protected malware represents one of the biggest threats and challenges to the anti-malware community (both for anti-malware producers and users).
If you have any other tools to remove locked files please shoot me a comment on this post.


