Got a call this morning about a computer taken over by ransomware.
- The program is called: Clean This
- One of the malware files is named: gog.exe
- It hijacks the Windows Explorer shell.
- It runs even under Safe Mode.
What to do:
- Download ComboFix from Bleeping Computer using another computer.
- Boot the computer into Safe Mode with Command Prompt.
- Copy ComboFix onto the infected computer whichever way you can.
I accomplished that by launching Task Manager, then using “New Task (Run…)” to copy and run ComboFix.
- Don’t worry about Recovery Console for the time being.
- Let ComboFix do its job.
- Go back to Safe Mode with Networking and run ComboFix again.
- Reboot to Windows XP in Normal Mode.
- Start > Run > mrt.exe – and do a Full Scan.
- Run whichever anti-virus you have and do a full scan.
- Run Spybot – Search & Destroy to clean up the leftovers.
That’s basically what I did.