Tuesday, June 26, 2012

Remove TR/Small.FI That Hijacks Browser and Disable Protection of Crucial Files

TR/Small.FI is an internal part of the trickery based on interaction of the virus, internal domain and compromised machine. The following will provide you an enlarged schedule of the scam development.
1. Infecting: spreading methods are common for the virus as it is injected into the files that are usually protected under Windows File Protection policy. Prior to infecting such files, the virus infects winlogon.exe that leads to the nullification of the files protected status and, basically, allows the infection to be injected into targeted files.
2. The infection is copied from PC to PC with infected files and is extracted into random folders, usually within System Files directory, at every subsequent PC.
3. The resulted entry created when infected files is executed is a self-staring redirecting agent. It connects infected machine to websites with pl domain as specified in its latest update so that the remote hackers attempt to control the infected PC via remote server.
Removal of TR/Small.FI is often to be performed together with Virus:HTML/Virut.BH, for that is a detection name for files created as result of the remote server impact. Click here to initiate free scan and get rid of TR/Small.FI, as well as other entries engaged into the scam. 


No comments: