Since we're having problems with the keys getting replaced when we remove them, this time we're going to run a different tool and replace the "bad" keys with dummy keys. Hopefully this way they won't get recreated when we remove them.
Download Avenger by Swandog and unzip it to your Desktop.
Note: This programme must be run from an account with Administrator privileges.
- Open the Avenger folder and double click Avenger.exe to launch the programme.
- Copy the text in the code box below and Paste it into the Input script here: box (don't include Code: Select all).
- Code: Select all
```
Registry keys to replace with dummy:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12A61307-94CD-4F8E-94BC-918E511FAA81
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
```
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
- Ensure the following:
  - Scan for Rootkits is checked.
  - Automatically disable any rootkits found is unchecked.
- Press the Execute key.
- Avenger will now process the script you've pasted (this may involve more than one re-boot). When finished, it will produce a log file.
- Post the log back here please. (It can also be found at C:\avenger.txt.)