Paul said:
My daughter's Dell Inspiron 1200 laptop was infected with the avatod
malware. I remove most of it but there is 1 piece left behind. What looks
like a popup window appears on the desktop. The desktop icons appear on top
of it, so I'm thinking that the "popup" is really on the background. This
model laptop does not allow wallpaper changes, only theme changes. Theme
changes merely change the background color, but the "popup" is still there.
I don't know what to do to get the background back to normal.
1... Click start >> Control Panel >> Double Click Network and Internet
Connections >> Double click Internet Options, on the IE Properties window
you will see these Options:
General | Security | Privacy | Content | Connections | Programs
| Advanced .
Click on General Tab (1st Tab on the left) and you will see a Button called
[ Clear History ..] click on it to clear your History caches, then click on
[Delete Files..] to delete Internet Files created over the time, click on [
Delete Cookies...] to delete your cookies left by visiting websites.
= Then try to Disable the Add-Ons on your Browser somehow installed on your
browser, On how to disable the Add-ons follow this:
Click on Programs Tab and then click the Manage Add-Ons Button there Disable
the None/Not Verified Plug-ins/Add-ons ( you need to Renable them one-by-one
later and see which is the culprit or you can send them here in your next
post) and click [OK] to confirm your Changes.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Click on Advanced Tab and scroll down under the browsing option and uncheck
this box:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) and click Apply
then OK to close your IE Properties.
Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
http://onecare.live.com/site/en-gb/default.htm?s_cid=sah
http://onecare.live.com/standard/en-gb/default.htm
Comodo BOClean : Anti-Malware Version 4.27
http://www.comodo.com/boclean/boclean.html
Schedule file rename and delete commands for the next reboot. This can be
useful for cleaning stubborn or in-use malware files.
http://technet.microsoft.com/en-us/sysinternals/bb897556.aspx
Remove these files/folders:
Avatod001.bas
Avatod.exe
Avatod Anti-Spyware 6.0.lnk
Avatod Anti-Spyware 8.0.lnk
Open your Registry Editor and locate this Key then delete the malware from
the run key:
Or you can remove it by using the Autoruns:
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
[-]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\=â€
Avatod†= “C:\Documents and Settings\UserName\Application
Data\Avatod\Avatod.exe /MINâ€
download Hijackthis and send me the log.
(
http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)
Send me copy to my address is : to_you_ross(at remove this and repalce with
the obvious)yahoo.co.uk
( _ is underscore)
HTH
nass
