We need to do some work in the registry to get rid of the TELLCOMA.EXE.
Back up the registry
1. Click Start, click Run, type (or copy and then paste) %SystemRoot%\system32\restore\rstrui.exe, and then click OK.
2. On the Welcome to System Restore page, click Create a restore point, and then click Next.
3. On the Create a Restore Point page, type a name for the restore point and then click Create.
4. After the restore point has been created, click Close.
* Remember or write down the name you give the restore point.
Kill the tellcoma process
Open Windows Task Manager by pressing CTRL+ALT+DELETE all at the same time and choose the Processes tab.
In the list of running programs locate the process TELLCOMA.EXE, right-click it, then choose End task.
Close Task Manager.
Remove tellcoma from the registry
1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
2. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Run
3. In the right panel, locate and delete the entry:
Microsoft Telecoma Center = "tellcoma.exe"
4. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>RunServices
5. In the right panel, locate and delete the entry:
Microsoft Telecoma Center = "tellcoma.exe"
6. In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run
7. In the right panel, locate and delete the entry:
Microsoft Telecoma Center = "tellcoma.exe"
8. Leave Registry Editor open.
Restoring EnableDCOM and RestrictAnonymous Registry Entries
1. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Ole
2. In the right panel, locate the entry:
EnableDCOM = "N"
3. Right-click on this registry entry and choose Modify. Change the value of this entry to:
EnableDCOM = "Y"
4. Close Registry Editor.
Toggle System Restore to clear infected restore points
1. Turn off System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer
3. Turn ON System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
Run Housecall
Use the Trend Micro Housecall Scan
- Click Scan Now. It's Free
- Read and put a Check next to Yes, I accept the Terms of Use
- Then click Launch HouseCall. Wait for the Java-Based Housecall Kernel Test
- Click Starting Housecall and wait for the updates to finish.
- Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
- It will download the latest scan engine and pattern files. When the definitions have been downloaded, the scan will start.
- Please wait while HouseCall scans your system…
- Once the scan is complete, it will take you to the summary page.
- Under Cleanup options choose Clean all detected infections automatically
- Click the Clean now>> button.
- When presented with a notification According to your instructions, all detected infections were cleaned..., click OK
- The Housecall log is saved to C:\Documents and Settings\UserName\.housecall\log\
Check for Updates
Go to www.windowsupdate.microsoft.com and check for any updates.
Next post
Housecall log
New HijackThis log
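
A read-only way to confirm the manual steps above took effect, added here as an example and not part of the original post. It assumes PowerShell is available on the machine; the key paths, value name and file name are the ones given in the post, and the script changes nothing.

```powershell
# Added example (not from the original post). Read-only: nothing is modified.
$valueName = 'Microsoft Telecoma Center'      # value name given in the post
$exeName   = 'tellcoma.exe'                   # file name given in the post
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# Properties the registry provider adds to every result; not registry values.
$providerProps = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

$leftovers = 0
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) {
        Write-Output "absent  $key"
        continue
    }
    $props = Get-ItemProperty -Path $key
    $hits = @()
    if ($null -ne $props) {
        foreach ($p in $props.PSObject.Properties) {
            if ($providerProps -contains $p.Name) { continue }
            # Match on the value name or on data that references the executable.
            if ($p.Name -eq $valueName -or "$($p.Value)" -like "*$exeName*") {
                $hits += "$($p.Name) = $($p.Value)"
            }
        }
    }
    if ($hits.Count -eq 0) {
        Write-Output "clean   $key"
    } else {
        $leftovers += $hits.Count
        foreach ($h in $hits) { Write-Output "FOUND   $key : $h" }
    }
}

# The post sets EnableDCOM back to "Y" under HKLM\SOFTWARE\Microsoft\Ole.
$ole  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole' -ErrorAction SilentlyContinue
$dcom = if ($null -ne $ole) { $ole.EnableDCOM } else { $null }
if ($dcom -eq 'Y') {
    Write-Output 'ok      EnableDCOM = Y'
} else {
    Write-Output "CHECK   EnableDCOM = '$dcom' (expected Y)"
}

# Is the process still running? Get-Process takes the name without .exe.
$proc = Get-Process -Name 'tellcoma' -ErrorAction SilentlyContinue
if ($proc) { Write-Output "FOUND   process tellcoma is running (PID $($proc.Id))" }

Write-Output "Autostart entries still present: $leftovers"
```

Any FOUND or CHECK line means the corresponding manual step should be repeated before running the online scan.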