This infection changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes. From a clean computer, please download the following file and save it to a removable media such as a CD/DVD, external Drive, or USB flash drive.FixNCR.reg
insert the removable device into the infected computer and open the folder the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.reg file to fix the Registry on your infected computer.
EDIT: also try to run SAS from Safe w Ntworking.
Please download and scan with SUPERAntiSpyware Free
- Double-click SUPERAntiSypware.exe and use the default settings for installation.
For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
- An icon will be created on your desktop. Double-click that icon to launch the program.
- If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
- If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
- In the Main Menu, click the Preferences... button.
- Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
- Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
- Click the "Close" button to leave the Control Center screen.
- Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
- If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
- Click the Scan your computer... button.
- After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
- Make sure everything has a checkmark next to it and click "Next".
- A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
- If asked if you want to reboot, click "Yes" and reboot normally.
To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
- Click the View Scan Logs button at the bottom.
- This will open the Scanner Logs Window.
- Click on the log to highlight it and then click on View Selected Log to open it.
- Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions
for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.
Edited by boopme, 02 May 2012 - 10:32 AM.