Friday, September 16, 2011

Get Rid of Excellentsearchserver.com hijacker as a TDSS type rootkit


Excellentsearchserver.com is the same misleading page as the dayoftheweek.com pages (there are 7 such pages in total, with slightly different web addresses). Only a new name has been assigned to the URL.
The tactic is almost as old as the scam itself. Criminals try to evade prosecution by taking imaginary names; fake security solutions for computer systems chiefly exist as groups of clones, in which clones are retired as their names become too notorious and new names are introduced to improve the chances of the deceptive software tricking users into thinking they are dealing with genuine security solutions.
That is, remove the Excellentsearchserver.com related infection, as it is almost the same hijacker that was in use when the above dayoftheweek.com sites were promoted.
The hijacker is deemed to be a TDSS type rootkit. Removal of the Excellentsearchserver.com hijacker is available on completing the free scan right here.
 
Delete infected files:
 C:\Windows\system32\consrv.dll
 C:\Windows\system32\DRIVERS\mrxsmb.sys
Delete infected registry values:
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
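
As an added example (not part of the original post), the Python code below parses a SubSystems "Windows" value and reports any server DLL entry outside the stock set, which flags the consrv entry listed above. The stock DLL set, the constructed clean value, the function names and the registry location (HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems) are assumptions not stated in the post.

```python
import re

# Assumption: server DLLs a stock Windows 7 "Windows" value refers to.
STOCK_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}
SUBSYSTEMS_KEY = r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems"

# One entry: [ServerDll=]module[:InitRoutine],index
ENTRY_RE = re.compile(
    r"(?:ServerDll=)?(?P<module>[A-Za-z0-9_.\-]+)"
    r"(?::(?P<init>[A-Za-z0-9_]+))?,(?P<index>\d+)"
)

# Value as listed in the post (entries only, no csrss.exe prefix).
PAGE_VALUE = ("basesrv,1 winsrv:UserServerDllInitialization,3 "
              "consrv:ConServerDllInitialization,2 sxssrv,4")
# Constructed sample of a clean value (assumed stock layout).
CLEAN_VALUE = (r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
               "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
               "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
               "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
               "ProfileControl=Off MaxRequestThreads=16")

def parse_server_dlls(value):
    """Return (module, init_routine, index) for each server DLL entry."""
    entries = []
    for token in value.split():
        m = ENTRY_RE.fullmatch(token)
        if m:  # skips the csrss.exe path, SharedSection=..., and other options
            entries.append((m["module"].lower(), m["init"], int(m["index"])))
    return entries

def unexpected_server_dlls(value):
    """Entries whose module is not one of the stock server DLLs."""
    return [e for e in parse_server_dlls(value) if e[0] not in STOCK_SERVER_DLLS]

def read_live_value():
    """Read the value on a live Windows system (read-only)."""
    import winreg  # Windows-only standard-library module
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SUBSYSTEMS_KEY) as key:
        return winreg.QueryValueEx(key, "Windows")[0]

if __name__ == "__main__":
    for name, value in (("post", PAGE_VALUE), ("clean sample", CLEAN_VALUE)):
        print(name, "->", unexpected_server_dlls(value) or "no unexpected entries")
```

The check only reads the value; in the assumed stock layout the entry at index 2 names winsrv rather than consrv.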
