The Airline Ticket Virus: How to Remove

One of the recent viruses we’ve seen is the airplane ticket virus. The email shows flight information and instructs the recipient to open the attachment, which looks like a Microsoft Word document but is actually a virus. The virus installs a rootkit and embeds itself into a Windows computer. How to remove:

1 – Hopefully you already have AVAST or a similar anti-virus program installed. In AVAST, create a custom scan (bottom right corner), choose the Rootkits Full Scan option in the Scan Areas section, and run it on all hard disks.

2 – Boot into Safe Mode with Networking and use ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix. ComboFix will restore the system settings the virus modified, such as Ctrl-Alt-Del being disabled and desktop icons being hidden.

3 – Back in Windows Normal mode, run Malwarebytes and remove the final virus items.
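
For mail triage, the point that the attachment only looks like a Word document can be checked by comparing an attachment's leading bytes with the type its name claims. The Python below is an added example, not part of the original post; the post does not say how the disguise works, so the mislabeled and double-extension cases, the extension lists and the sample files are assumptions constructed for illustration.

```python
import os

# Leading "magic bytes" of the formats relevant to a fake Word attachment.
SIGNATURES = {
    b"MZ": "executable",                          # Windows PE/DOS program
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2",  # legacy Word .doc container
    b"PK\x03\x04": "zip",                         # .docx (or any ZIP archive)
    b"{\\rtf": "rtf",
}
# Content types that are plausible for each document extension.
EXPECTED = {".doc": {"ole2", "rtf"}, ".docx": {"zip"}, ".rtf": {"rtf"}}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif"}


def sniff(data: bytes) -> str:
    """Identify content by signature, ignoring the file name entirely."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def triage(filename: str, data: bytes) -> str:
    """Return 'block', 'review' or 'consistent' for one attachment.

    'consistent' only means the content type matches the name, not that
    the file is safe to open.
    """
    kind = sniff(data)
    # Inspect every suffix so padded double extensions are caught too.
    suffixes = {"." + part.strip() for part in filename.lower().split(".")[1:]}
    if kind == "executable" or suffixes & EXECUTABLE_EXTENSIONS:
        return "block"
    final_ext = os.path.splitext(filename.lower().strip())[1]
    if kind in EXPECTED.get(final_ext, set()):
        return "consistent"
    return "review"  # unknown content or a type/extension mismatch


# Constructed samples: only the leading bytes matter for this check.
SAMPLES = [
    ("e-ticket.doc", b"MZ\x90\x00" + b"\x00" * 60),
    ("e-ticket.doc", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 56),
    ("itinerary.docx", b"PK\x03\x04" + b"\x00" * 26),
    ("ticket.doc      .exe", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"),
    ("flight.doc", b"Your flight details are attached."),
]

if __name__ == "__main__":
    for name, blob in SAMPLES:
        print(f"{name!r:28} {sniff(blob):12} {triage(name, blob)}")
```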

Source:
1 – http://www.mcbsys.com/blog/2011/11/new-airline-ticket-virus-email/

mpasatieri posted at 2012-1-20 Category: OS