WPA2 hack: How secure is your Wi-Fi?
I'm guessing some people must have heard of this seemingly impossible to remove program/virus which seems to be infecting more and more people(NSIS media). I've been reading up on forum links from google and nobody can find a way to remove it permanantly or find out where it comes from. Thought i would start a post here as they all lead to dead ends everywere else and everyones usually pretty sharp in these forums. I can supply some interesting links on the supject. Everyone who has it seems to be in the same situation. I have avast, ad-aware, spyware blaster plus other bits. i'm always careful what i download and keep all protection up to date but this thing seems to bypass every virus and spyware program on the market. Pop ups seem to be all it does and there is no way to stop them but people on other forums suggest its worse than this and starts to slow systems down and could be a worm or trojan. it has an uninstall program but peolple who have run it say it forces a reboot after and reinstalls it in new folders and spreads. From what i have read the only place's people think it may have come from are firefox, download.com or winamp all of which seem unlikely to me but without installing anything new lately and running updates on these programs i may have to agree. Anybody know of a fix for this??
I had this a couple of months ago. Like you, my computer is well protected and I am very careful what I download. I think I got it from a Firefox update (this could have been a fake. I tried uninstalling and, as you say, it came back. I read that TrojanHunter could remove it. I tried this but while it was running something really messed up my system and I had to do a restore.
I have seen it cleared by using the uninstaller in the program file, rather than Add/Remove programs. I've also seen this fail.
There appears to be a couple of .dlls that propogate it. The name and location seems to vary, but I've seen krnsvr32.dll and wmdmb32.dll (both in the Windows system32 folder) a few times. If these are deleted, renamed or moved the infection doesn't return. Using a tool such as Process Explorer (click here) can identify the processes and dlls being used.
It would be very useful to know a sure-fire way to kill it.
I don't let Firefox update automatically any more. I go to the Firefox site and download the full new version.
When your Pc is OK, do an image of C using Acronis True Image, if problems should ever occur revert back to a regulary updated image.
can anyone tell me what will happen if i do a system restore say from a month or 2 ago. Will this remove infected files. I've never done it befor. Does it completely restore everything back to how it was on that date and erase eerything after??
Thanks for the help so far
I went back about two weeks when I did my system restore (see previous post). I had to do quite a bit of tidying up. For example, I had already re-installed Firefox as part of trying to get rid of NSIS Media. I had to re-install it again. A couple of programs I had installed were not there anymore, although the shortcuts were. No great problem, I just had to be careful to put things back as they were (ie no loose ends). The upside was that NSIS Media had completely gone!
I wouldn't have chosen to do a restore, except that my system got borked when I ran the TrojanHunter scan, and I would keep it as a last resort in the future. Having said that, if you've tried everything else to get rid of NSIS, it possibly is your last resort!
I should have mentioned that your 'My Documents' folder will be untouched. Other folders may be restored to how they were at the restore point.
This thread is now locked and can not be replied to.