The other specific option is the Symantec tool for Poweliks..
I meant to post this above, but there was a mix-up in my Text-Editor .......................
This tool is designed to remove the infection of the Trojan.Poweliks.
How to download and run the tool
- Selecting "Run as administrator" will result in an incomplete repair. You must be logged in to the Administrator account and all other users must be logged out in order for the tool to work correctly.
- There are two versions of this tool, one designed to run on 32-bit computers and one designed to run on 64-bit computers. To find out if your computer is running a 32-bit or 64-bit version of Windows, please read the following Microsoft Knowledge Base article: How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
Follow these steps to download and run the tool:
- Download FixPoweliks64.exe for 64-bit computers and FixPoweliks32.exe for 32-bit computers.
- Save the file to a convenient location, such as your Windows desktop.
- If you are sure that you are downloading this tool from the Security Response website, you can skip this step. If you are not sure, or are a network administrator and need to authenticate the files before deployment, follow the steps in the Digital Signature section before proceeding with step 4.
- Close all the running programs.
- If you are running Windows XP, turn off System Restore. For instructions on how to turn off System Restore, read your Windows documentation.
- Double-click the FixPoweliks64.exe or the FixPoweliks32.exe file to start the removal tool.
- Click I Accept to accept the EULA, then click Start to begin the process and allow the tool to run.
- When the tool has finished running, you will see a message prompting you to check the logfile for results.
The removal tool writes a summary of its operation to a logfile named FixPoweliks64.log or FixPoweliks32.log with results similar to the following:
- List of terminated processes
- List of removed registry values
If the system is clean, no restart is required and the logfile will be blank.
Note: If the Removal Tool does not display the following message after being run, please run the Removal Tool again to provide confirmation that the compromised computer has been repaired:
- Trojan.Poweliks has not been found on the system.
Note: If all running programs were not closed prior to successful removal of Trojan.Poweliks it may be necessary to relaunch relevant applications or reboot the computer to restore functionality. This is the result of injected processes being terminated.
What the removal tool does
The removal tool carries out the following actions:
- Terminates the associated processes
- Removes registry keys/values added by the threat