Thursday, 13 April 2017

Delete virus - ourluckysites, deskapp, WINSNARE, SNARER, Kyubey, MIO, startpageing123

I made the mistake of running a virus program, so my laptop got a virus.

I tried to clean out all the viruses by myself without downloading any program.

1. I removed the applications deskapp and WINSNARE.

  1. Press Win+R and type Control Panel into the open box.
  2. Click OK and go to Uninstall a program.
  3. Highlight the application and click Uninstall.


2. Delete all virus folders. 

C:\Users\KennethHu\AppData\Roaming\
C:\Users\KennethHu\AppData\local\
C:\Windows\Temp


  C:\Users\KennethHu\AppData\Roaming\WINSNARE\WinSnare.dll
WinSAPSvc
WinSAP.dll
MIO.dll
Kyubey.exe
MIO.exe
....... 

3. Hold the Start Key and R –  copy + paste the following and click OK:
notepad %windir%/system32/Drivers/etc/hosts
A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom.

4. After you complete this step, the threat will be gone from your browsers. Finish the next step as well or it may reappear on a system reboot.
Right click on the browser’s shortcut —> Properties.
NOTE: We are showing Google Chrome, but you can do this for Firefox and IE (or Edge).

Properties —–> Shortcut. In Target, remove everything after .exe.
If you got the virus, it will have become
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.ourluckysites.com/?type=sc&ts=1491368372&z=95570b72381db34651c485cg4z1t1g4c3q0b7cfqdo&from=che0812&uid=SanDiskXSD7SB2Q-512G-1006_153581400776
Correct it to "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
Remove WinSnare from Internet Explorer:
Open IE, click IE GEAR —–> Manage Add-ons. Remove weird search providers. Please refer to this - http://guides.uufix.com/guide-to-remove-startpageing123-com-completely/
[Image: my search providers after cleaning out the virus search provider]

Find the threat —> Disable. Go to IE GEAR —–> Internet Options —> change the URL to whatever you use (if hijacked) —> Apply.

Remove WinSnare from Firefox:

Open Firefox, click the Mozilla menu ——-> Add-ons —-> Extensions.

Find the adware/malware —> Remove.
Remove WinSnare from Chrome:

Close Chrome. Navigate to:
C:/Users/!!!!USER NAME!!!!/AppData/Local/Google/Chrome/User Data. There is a folder called “Default” inside.
Rename it to Backup Default. Restart Chrome.

5. I deleted all browsers (Chrome, Firefox) and reinstalled them.


6. At first, I thought all the viruses were removed, but it came up again at a certain time.
In my case it is around 5:45 P.M. My Chrome suddenly closes and opens again, but the homepage redirects to the ourluckysites site or another site.

I found out that the virus registers a service in Service.exe and creates a task in Task Scheduler.
1. Stop the service.
2. Delete the folder where the file is.
3. Delete the service in cmd.exe - SC Delete [service name]
4. Delete the task in Task Scheduler.






Is it finished? No, it will still come up and self-install the above services and programs.

I believe that the problem must be in service.exe or Task Scheduler.

I opened PowerShell and executed "Get-WmiObject win32_service | ?{$_.Name -like '*'} | select Name, DisplayName, State, PathName" -- refer to this http://stackoverflow.com/questions/24449113/how-can-i-extract-path-to-executable-of-all-services-with-powershell

2. I found a virus - FirefoxUpdate.exe. At this time, I had already removed Firefox, so FirefoxUpdate.exe should not be there. In addition, I cannot see this service in the Services panel. So I deleted it and did the above steps again.
Please refer to this - https://trojan-killer.net/firefoxupdate-exe-uvconverter-exe-adware-remove/
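
The checks from steps 4 and 6 above as one read-only PowerShell script (an added example, not part of the original post): it lists services and scheduled tasks that start from the AppData or Temp folders named in step 2, and shortcuts whose Target has a URL after the .exe. The folder pattern, the list of shortcut locations and the Kind/Name/Command output shape are assumptions of this example; Get-ScheduledTask needs Windows 8 or later.

```powershell
# Added example: read-only audit of the persistence points cleaned by hand in this post.
# Assumption: a service or task that launches from AppData or Temp deserves a manual look.
$suspectDirs = '\\AppData\\(Roaming|Local)\\|\\Windows\\Temp\\'
$findings = @()

# 1. Services, including ones that do not show up in the Services panel.
$findings += @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -match $suspectDirs } |
    ForEach-Object { [pscustomobject]@{ Kind = 'Service'; Name = $_.Name; Command = $_.PathName } })

# 2. Scheduled tasks whose action starts a program from those folders.
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # skip actions that do not run a program
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute)
        if ($exe -match $suspectDirs) {
            $findings += [pscustomobject]@{ Kind = 'Task'; Name = $task.TaskPath + $task.TaskName; Command = "$exe $($action.Arguments)" }
        }
    }
}

# 3. Shortcuts whose Target has a URL appended after the .exe (read only, nothing is saved).
$shell = New-Object -ComObject WScript.Shell
$linkRoots = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"   # also holds pinned taskbar items
) | Where-Object { $_ -and (Test-Path $_) }
$findings += @(Get-ChildItem -Path $linkRoots -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        if ($lnk.Arguments -match 'https?://') {
            [pscustomobject]@{ Kind = 'Shortcut'; Name = $_.FullName; Command = "$($lnk.TargetPath) $($lnk.Arguments)" }
        }
    })

$findings | Format-List
```

Run it from an elevated PowerShell prompt so that all tasks are visible. Matches are leads to check by hand, since legitimate programs can also run from AppData or take a URL argument.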


So far, I have not seen the virus again. I hope I have really removed all the viruses from my laptop.

1 comment:

  1. It is a great website.. The Design looks very good.. Keep working like that!. spams
