Win32/Olmasco.AD Description
Win32/Olmasco.AD is the newest addition to the Win32/Olmasco rootkit Trojan family. It replaces the original MBR (Master Boot Record) sector of the hard disk drive with its own program code to avoid being spotted and deleted while it carries out its malicious payloads. Win32/Olmasco.AD has been found to communicate with multiple remote servers to receive new commands, download executables and report collected information. Before doing so, it terminates certain Windows services and makes sure it has the admin privilege to execute the tasks. As a result, Windows Firewall, Security Center and other installed antivirus programs may be disabled, and on some occasions Windows Task Manager as well.
In addition, Olmasco.AD is able to terminate all of its own processes if it finds that they are being executed in a specific virtual environment. The Trojan creates and runs a new thread with its own program code within any running process, so it may sometimes be the culprit behind unexpected restarts.
Win32/Olmasco.AD Removal Tools
The Trojan hides its presence in the system by injecting itself into legitimate running processes. As a result, the detection tool may ask you to remove the remaining parts manually, which confuses users because those parts seem to be non-existent when searched for. To get rid of Win32/Olmasco.AD, you need to clean the MBR too. Not sure how to do it? The reference steps are below:
Step 1: Go to Task Manager with Alt+Ctrl+Delete and stop its process.
Step 2: Search for and delete its related files in Local Disk C:
%Documents and Settings%\[UserName]\Local Settings\Application Data\[random]
%Documents and Settings%\[UserName]\Local Settings\Temp\[random]
%Documents and Settings%\[UserName]\Templates\[random]
Step 3: In Registry Editor, navigate to and remove the associated registry entries listed below:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe" -a "%1" %*'
= '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe" -a "%1" %*'
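The registry entry in Step 3 routes every .exe launch for the current user through the Trojan's executable, so it is worth checking for before and after cleanup. The following read-only PowerShell check is an added example, not part of the original guide. It assumes a clean handler value of "%1" %*, maps the Step 2 directories onto the current user's profile, and uses a hypothetical helper named Test-ExeHandler.

```powershell
# Added example: read-only triage for the artifacts named in Steps 2 and 3.
# Assumption: a clean system has no per-user override, or the value '"%1" %*'.
$key      = 'HKCU:\Software\Classes\.exe\shell\open\command'
$expected = '"%1" %*'

function Test-ExeHandler {
    # Hypothetical helper: $true when the handler runs something before "%1".
    param([string]$Command)
    return ($Command.Trim() -ne $expected)
}

$findings = @()

if (Test-Path -LiteralPath $key) {
    $value = (Get-Item -LiteralPath $key).GetValue('')   # '' selects (Default)
    if ($value -and (Test-ExeHandler $value)) {
        $findings += New-Object psobject -Property @{
            Type = 'Registry'; Item = $key; Detail = $value }
    }
}

# Step 2 directories. Assumption: mapped onto the current profile, with the
# XP-era names from the page and their later equivalents both tried.
$dirs = @(
    (Join-Path $env:USERPROFILE 'Local Settings\Application Data'),
    (Join-Path $env:USERPROFILE 'Local Settings\Temp'),
    (Join-Path $env:USERPROFILE 'Templates'),
    $env:LOCALAPPDATA,
    $env:TEMP
) | Where-Object { $_ } | Select-Object -Unique

foreach ($dir in $dirs) {
    # List executables sitting directly in these folders for review; nothing is deleted.
    Get-ChildItem -LiteralPath $dir -Filter '*.exe' -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $findings += New-Object psobject -Property @{
                Type = 'File'; Item = $_.FullName; Detail = $_.LastWriteTime }
        }
}

if ($findings) { $findings | Format-Table Type, Item, Detail -AutoSize -Wrap }
else           { Write-Output 'No .exe handler override or stray executables found.' }
```

A 'Registry' finding whose Detail points into Application Data and ends in -a "%1" %* matches the entry shown in Step 3; 'File' findings are only candidates and need to be reviewed individually.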