-
PS: You can also use Registry Scanner by NirSoft to achieve much the same effect as described above. The download links are quite well hidden on that page: search for "Feedback" and you'll see the links for different versions depending on which operating system you're using about 3/4 of the way down the (quite lengthy) page. It's a utility for finding Registry items by date. -
Don't want to teach my granny to suck eggs, but have you tried malwarebytes ?Originally posted by OwlHoot View PostLeave a comment:
-
NB: This will only work if you roughly know the date on which the infection occurred. It depends on you being able to identify rogue Registry entries by date, rather than by name.
__________________________________________________ ____________________
Firstly, use WhatInStartup (full details here) to check which utilities are set to run when Windows starts, and disable any items that are suspect. If this works, you might not need to worry about the steps below.
Failing the above, read on.
If you don't already have it, download and install Notepad++. You'll need it to analyse the Registry.
With reference to the following screen dump (which demonstrates more than one step in a single view) :
- In RegEdit (which you already indicate you know how to access), right click on "Computer" and select "Export".
- Choose to Export a copy of the Registry as "text", and select a local location in which to save the file. This may take up to a minute if the Registry is large (which it probably will be), so don't worry if the computer hangs for a bit.
- Open up the text-encoded copy of your Registry file in Notepad++.
- Use Notepad++ to selectively identify those registry entries that match the date/time on which the infection happened, by using the "Search -> Find" feature (shortcut: Ctrl+F). Literally, just search for "29/8/2012", or whatever date is pertinent for you. If you're lucky, the infection will have happened at a time when there weren't lots of other changes going on. Otherwise, you'll get an unmanageable number of hits back (e.g., the screen dump above happened to be for a date when I was re-installing SQL Server). If you weren't installing anything else that day, you should get <100 results back. If not, you might need to get creative with Notepad++'s Find function to pin it down to the hour that the infection occurred.
- Once you've identified which registry entries are suspect (they'll probably have ambiguous and innocuous names specifically to prevent you from finding and eradicating them), use RegEdit as normal to delete them.
Leave a comment:
- In RegEdit (which you already indicate you know how to access), right click on "Computer" and select "Export".
-
I found this on DuckDuckGo:
Web Link: Wikipedia:Mirrors and forks/All - Wikipedia, the free encyclopedia
Look under 1bx.comLeave a comment:
-
iask123 toolbar (possibly related to Conduit)
A couple of weeks ago I removed (or thought I had) from a friend's PC all trace of what looks like a nasty bit of malware called iask123, which had hijacked her browser.
I spent 20 minutes picking through the Registry, removing every occurrence, and then deleted the directories it had created in Program files, and to all appearances it had gone. But now the wretched thing is back, and I am wondering how to uninstall it and prevent it recurring.
Curiously, Google returns hardly any results on iask123, and given that is presumably a search bar I imagine Google are deliberately suppressing results for some reason. (If most results would be negative, along the lines of this post, perhaps Google is suppressing results so as not to open themselves to an accusation of putting their competitors in a bad light!)
Anyone else seen this thing? It may be related to something called Conduit.
Leave a comment: