The .exe gets placed into your profile:
(Windows 7)
C:\Users\
In my case, this was loaded with Chrome. So to delete it you will need Chrome closed. You can also use Process Monitor from Sysinternals:
https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
To look for the process and kill it.
Then go to Start>Run and type in %appdata% and hit enter.
If the Run box is not visible for you, just type %appdata% in your programs search box.
That should open up your appdata location. It will default to Roaming. You want Local. So at the top where you see the path in the address bar, click one folder up 'AppData' and then click 'Local'.
Unless you have already removed it, you should have a Vosteran folder. Right click that folder and choose delete. If it will not delete, then you might want to reboot into safemode and try it again.
Next, they are nice enough to alter your registery also. In HKCU\Software\ you should have a Vosteran and Vosteran Browser keys. You will want to delete these also
Right click each root key and delete.
I went into Chrome and removed Vosteran as an extension. But, if you need to you can open regedit and have a look at HKLM\Software\Google\Chrome\Extensions and see if it is there. If so, delete.
I do not now what would have happened if I was using a different browser at the time. So you may need to check things like Manage Add-ons in IE. Or equivalent in Firefox.
This 'infection' came from me updating FreeFileSync. Sad. I posted on their forum about this. It is bull to do this to people.
Hopefully I have provided enough information to help you clean this off your system.
If needed, you can always fall back on two tools. Proccess Monitor and look for suspicious process and Procmon, use it to see if vosteran is running. Track it down using Procmon.
No comments:
Post a Comment