Wednesday, March 28, 2012

BitCoinMiner (kwrd.dll) Infection

Yesterday, I had a virus removal in the San Diego area and came across an infection that I had never seen.  ComboFix, Malwarebytes, Hitman, and TDSSKiller failed to detect this virus, but Microsoft Security Essentials (MSE) would pick it up with quick scans or idle-time scans.  Unfortunately, MSE fails to remove this infection, so I checked the file path (C:\Windows\assembly\temp\kwrd.dll) and navigated to it.  Not there.  Show hidden folders and files.  Not there.  After consulting the almighty Google, I found this fix.


 



Open a command prompt and enter these commands:

1.  cd c:\windows\assembly

2.  attrib -r -h -s desktop.ini

3.  ren desktop.ini desktop.bak


Voila!  You can now see kwrd.dll and delete it.  Reboot system and quick scan with MSE to confirm removal if necessary.
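Explorer's special view of the assembly folder is driven by desktop.ini, which is why renaming it exposes the real files; listing the folder through the file system is not subject to that view. The PowerShell below is an added example, not part of the original post, for checking the folder before and after cleanup; it assumes PowerShell 4 or later and an elevated prompt, and the function name `Get-AssemblyTempFile` is hypothetical.

```powershell
# Added example (not from the original post).
# Lists the real on-disk contents of the folder MSE reported, including
# hidden and system files, without renaming desktop.ini.
# Assumptions: PowerShell 4+ (for Get-FileHash), run from an elevated prompt.

function Get-AssemblyTempFile {
    param(
        # Folder taken from the path reported in the post
        [string[]]$Path = @("$env:windir\assembly\temp"),
        # File name reported in the post
        [string]$SuspectName = 'kwrd.dll'
    )

    foreach ($dir in $Path) {
        if (-not (Test-Path -LiteralPath $dir)) {
            Write-Warning "Folder not found: $dir"
            continue
        }

        # -Force includes hidden and system entries
        Get-ChildItem -LiteralPath $dir -Force -Recurse -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
                # Hashing can fail on a file that is locked by a running process
                $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue

                [pscustomobject]@{
                    Path       = $_.FullName
                    Attributes = $_.Attributes
                    LastWrite  = $_.LastWriteTime
                    Signature  = if ($sig)  { $sig.Status } else { 'Unreadable' }
                    SHA256     = if ($hash) { $hash.Hash }  else { 'Unreadable' }
                    Suspect    = ($_.Name -ieq $SuspectName)
                }
            }
    }
}

$found = @(Get-AssemblyTempFile)
if ($found.Count -eq 0) {
    Write-Output 'No files found in the assembly temp folder.'
} else {
    # Suspect entries first, then everything else in the folder
    $found | Sort-Object Suspect -Descending | Format-List
}
```

Recording the SHA256 before deleting the file gives a value to submit to the antivirus vendor, and an empty result after the reboot confirms the removal independently of the MSE scan.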

-- 
Brett Kline
Mobile Computer Wizard
858 876 2278 Mobile

 


 
