When the computer boots, CIS blocks ELwhOqs8oT5L.exe!
Yes, this is in the process, but when I try to locate this file and go to the temp folder, it seems it isn’t there!
But when I end the process, the next time the PC boots, it appears again!
How do I solve it? Thanks!
CIS: 5.0
OS: Windows 7 U 64-bit
this is in the process, but when I try to locate this file and go to the temp folder, it seems it isn't there!
I'm kind of too lazy right now (it's probably the Benadryl) to write a big post, but here is how to show hidden files that you can't see in Windows 7 (it has pictures too):
http://www.bleepingcomputer.com/tutorials/tutorial151.html
But for the main problem
But when I end the process, the next time the PC boots, it appears again!
There are a few ways to solve this:
Either do it in Windows "safe mode"
or a better way:
Use a boot disk to clean it (I like “languys” idea of using a boot disk)
- http://www.softpedia.com/get/Antivirus/Kaspersky-Rescue-Disk.shtml <—this is the boot disk, make sure it’s up to date
- Since it’s an .iso file, you need to make sure you can burn image files (I think Windows has a built-in one, I’m not sure because I never used it). There’s also “nero”, “imgburn”, “magiciso” and others. Just burn the .iso file using one of those.
- Start the computer with the disk in it
side notes
Boot from the Kaspersky Rescue Disk to scan and remove threats from an infected computer without the risk of infecting other files or computers.
Burn this ISO image to a CD, insert it into the infected system’s CD-ROM drive, enter the PC’s BIOS, set it to boot from the CD and reboot the computer.
===========================================
If you can’t figure out how to use the bootdisk or clean it from safe mode, just post back here. I’ll write a simpler step-by-step way <—the benadryl side effects should be gone by then
Good luck
To stop it from booting, simply open Comodo, go to the Defense+ tab, go to View active processes → locate the file and then right click → terminate & block (provided the above explanation didn’t work. This is what I do with all my files that are running & I don’t want them to be, it’s short and fast)
To stop it from booting, simply open Comodo, go to the Defense+ tab, go to View active processes -> locate the file and then right click -> terminate & block (provided the above explanation didn't work. This is what I do with all my files that are running & I don't want them to be, it's short and fast)
That's pretty effective for the most part, unless it keeps generating random file names. :)
I thought as long as a program was blocked by Comodo it can do pretty much absolutely nothing. If stuff is allowed to change its name that sucks o:
I thought as long as a program was blocked by Comodo it can do pretty much absolutely nothing.
While not written in stone, that's basically true. But there is always someone out there (with the skills to do it) who would be hell-bent on trying to create some type of scenario or situation with the right zero-day exploits and human error needed to prove that's wrong.
It’s like winning the state lottery twice :o Of course, it is possible, but it’s highly unlikely.