Windows Telemetry Center has been renamed quite a few times. Here are some of the other names:
This one in particular does not have any type of activation code. However, the sample that I tested was older, so there are activation codes that work with the newer iterations. Here is one of them thanks to Xylitol:
0W000-000B0-00T00-E0020
This one is a bit harder to remove if you do not activate it. I had trouble with MalwareBytes' in particular; it kept freezing during removal. The best way that I found to remove this one is using Hitman Pro 3.6. Here are the links to this tool:
For 32-Bit: http://dl.surfright.nl/HitmanPro36.exe
For 64-Bit: http://dl.surfright.nl/HitmanPro36_x64.exe
I found that running Hitman in Breach Mode was the way to go. To do this, you need to hold down the Ctrl key on your keyboard, and then double-click to open the program. You will see your explorer shell disappear and Hitman will be the only thing on the screen. Let it scan and remove. You will need to do a supplemental scan with MalwareBytes' after Hitman does its job.
Registry Keys (list shortened for relevance):
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe (about 750 of these)
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegedit
HKCU\Software\Microsoft\Windows\CurrentVersion\Run | Inspector
Files:
C:\WINDOWS\system32\at.exe
C:\WINDOWS\system32\cmmon32.exe
C:\Documents and Settings\<User>\Application Data\Protector-<random>.exe
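
A read-only check for the indicators listed above, as an added example that is not part of the original post. It assumes the Image File Execution Options subkeys carry a `Debugger` value (the post lists only the key names), and `Get-RogueIndicator` is a hypothetical name. Run it as the affected user, since two of the keys are under HKCU.

```powershell
# Added example: reports the registry and file indicators from the list above.
# Nothing is modified or deleted.
function Get-RogueIndicator {
    # 1. IFEO subkeys that redirect an executable through a Debugger value
    #    (assumption: this is how the ~750 keys are used). Grouping by debugger
    #    makes one program hijacking hundreds of image names obvious.
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { New-Object psobject -Property @{ Image = $_.PSChildName; Debugger = $dbg } }
    } | Group-Object Debugger | ForEach-Object {
        New-Object psobject -Property @{
            Check  = 'IFEO Debugger'
            Detail = "$($_.Count) image(s) redirected to $($_.Name)"
        }
    }

    # 2. The two per-user values named in the post: report them if present.
    $values = @(
        @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegedit' },
        @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Inspector' }
    )
    foreach ($v in $values) {
        $item = Get-ItemProperty -Path $v.Path -Name $v.Name -ErrorAction SilentlyContinue
        if ($item) {
            New-Object psobject -Property @{
                Check  = "$($v.Path) | $($v.Name)"
                Detail = "value = $($item.($v.Name))"
            }
        }
    }

    # 3. The randomly named dropper in the user's Application Data folder.
    #    The two system32 names in the list also exist on clean Windows
    #    installs, so they are not flagged by name here.
    Get-ChildItem -Path $env:APPDATA -Filter 'Protector-*.exe' -ErrorAction SilentlyContinue |
        ForEach-Object {
            New-Object psobject -Property @{ Check = 'Dropped file'; Detail = $_.FullName }
        }
}

Get-RogueIndicator | Format-Table Check, Detail -AutoSize -Wrap
```

An empty result after cleanup means none of the listed indicators remain for that user. A legitimate tool can also set an IFEO `Debugger`, so review each reported debugger path before acting on it.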