How to get rid of the SbCtri.exe Virus
Well, that's what I call it since I have
virtually no info on it. All I know is that it installed
itself onto one of my machines and searching the internet
brought no results, so I don't really know what it is, what
it does and how it came in (although I do have an idea).
Ok, if you are reading this and do what I
suggest and then your PC doesn't go wromm wromm
anymore, it's your own fault for reading me, so if you are
likely to use me as your scapegoat for your own actions,
leave this site now by going
HERE.
----------------------------------------------
Ok, let's get to the point. Unfortunately
I'll go by memory so you might sometimes have to fill in the
gaps. I'll include screenshots to walk you through some
real easy stuff so it'll seem more complicated than it is.
How did the virus first manifest itself?
My firewall warned me that
C:\WINNT\system32\drivers\SbCtri.exe was trying to connect
to some site.
See below screen for what it looked like:

I might be wrong but I suspect the above
site might have nothing to do with this.
I went there and nothing came up, so
perhaps the hacker owner of this virus directed all of us
zombies to the above site to crash it. I am not sure, nor do I
care.
What I did next was to try and delete the
SbCtri.exe file but it was not possible.
Btw it was hidden and had "system
file" attributes so it was double hidden. As you go
there (to the
C:\WINNT\system32\drivers\SbCtri.exe location),
click the "show files" link in the Winnt folder as shown
below:

then do the same when in the System32
folder as shown below

When you get to the Drivers folder, change
the folder options as shown below

then on the window that comes up, do the
below

and then tick the "show bla bla" and
untick the "hide operating bla bla" as seen below, then
CLICK OK.

Did I say you must click OK?
Look in that folder for the SbCtri.exe
file which will be there in full view.
Now, I am not sure if I right clicked on
the SbCtri.exe file to see if it was read only, I don't
have it anymore so can't remember, just do it and untick
the read only (if it applies), then click ok.
Then hit delete and it won't delete, so
come here and go to the
kill files in use page, grab the little program and
use it to kill the SbCtri.exe.
This time the little mo fo does die.
At this point you could leave it like
that, but next time you restart your PC you'll get a popup
saying that Windows didn't find the
C:\WINNT\system32\drivers\SbCtri.exe file.
So we will now get into the registry to
delete the entry for it. The following technique is also
useful to fix similar cases where Windows looks for a file
and doesn't find it, throwing up an annoying popup.
They all say that messing with the
registry is dangerous if you don't know what you are doing
and so you never do and so you'll never learn to mess with
the registry.
I won't say that, (since I have already
warned you that you are on your own) and here is what you
do:
Go to Start > Run, type regedit and
hit OK as you see in the screen below:

you'll get to the Registry as you see
below:

now you hit Ctrl + F or go to Edit > Find.
On the box that comes up, type SbCtri.exe
then hit OK.
The editor will look for the SbCtri.exe
entry and will bring it up. If you are logged in as
Administrator you will now be able to right click on the
entry on the right to delete it, see the entry below under
Shell:

After deleting it, look for it again, just
in case it is somewhere else, I can't remember now if it
was somewhere else.
At this point you should also look
for an entry called "Service Controler" and it
should bring up: imagepath REG_EXPAND_SZ in
My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Service Controler
You need to delete the imagepath REG_EXPAND_SZ.
That's it, your PC should now be free of
the Virus/Spyware whatever you want to call this thing.
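The same checks as a read-only PowerShell pass on a current Windows machine (an added example, not part of the original page; the three autostart keys are an assumption, since the page only says the entry sat "under Shell"). It reports the file with its attributes and every registry value that still references it, so you can see what is left before or after deleting anything.

```powershell
# Added example: read-only audit, nothing is deleted or modified.
$name = 'SbCtri.exe'                             # file name from the page
$file = 'C:\WINNT\system32\drivers\SbCtri.exe'   # path reported by the firewall

# 1. -Force returns hidden and system files, which Explorer hides by default.
$item = Get-Item -LiteralPath $file -Force -ErrorAction SilentlyContinue
if ($item) {
    "{0}  attributes: {1}  modified: {2}" -f $item.FullName, $item.Attributes, $item.LastWriteTime
} else {
    "$file not present"
}

# 2. Common autostart keys (assumed locations; adjust to where regedit's Find lands).
$autostart = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# Properties the registry provider adds to every result; they are not registry values.
$meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $autostart) {
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($meta -contains $p.Name) { continue }
        if ("$($p.Value)" -like "*$name*") {
            "{0}  value '{1}' = {2}" -f $key, $p.Name, $p.Value
        }
    }
}

# 3. Every service whose ImagePath references the file, whatever the service is named.
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $img = (Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).ImagePath
        if ($img -like "*$name*") {
            "{0}  ImagePath = {1}" -f $_.Name, $img
        }
    }
```

Run it from an elevated prompt; an empty result from steps 2 and 3 means no remaining reference in the locations checked.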
----------------------------------------------------------------------------------------------------------------------
One way to be safe from any virus would be
to log into your computer as a guest.
As you know, guests don't have permission
to modify any files nor to install anything so you should
be 100% safe there.
The way I do it is I give Administrator
privileges to a guest, then I install all my programs,
prepare the PC as I want it, then I log in as the main
Administrator and from there I remove all privileges from
the guest, then I simply log in as the guest.
The downside is that every time you need
to install anything you must log in as the Admin, give
Admin or Power User privileges to the guest, log in as a
guest, install the whatever, then go back in as the Admin
to remove privileges again.
This is why this pc became infected, it is
the one I mess with and so I always log in as an Admin and
if a virus ever gets past the firewall and antivirus (it
had never happened before) the pc gets infected.
Obviously this isn't the PC I use to get
into my internet banking! The other ones are all protected
as I mentioned before.
Also, this pc is used to print and often
shares files with others so it has network
neighborhood options fully enabled (within the
firewall) and this could be a vulnerability.
Ideally you enable those options only for
a short moment while you need to browse from one pc to the
other but I have found that sharing a common external hard
drive is better, anyway that's another story, I hope this
somehow helped you.