  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2820

How to remove Fasoo.com DRM software

Somehow this got installed on a user's XP system? He is remote, working from home, so I'm trying to remove it remotely. There is a process in the Task Manager called fph.exe that runs this software and cannot be killed. I have deleted the entries in the registry, but the process just puts them back. I delete the Fasoo folder from Program Files and the process puts it back. Any idea how to uninstall it or kill this process?

McAfee AV will not remove it or find it.

thanks
0
Asked: rdefino
2 Solutions
 
rpggamergirl Commented:
Try RevoUninstaller and see.
http://www.revouninstaller.com/
0
 
rpggamergirl Commented:
If RevoUninstaller won't get rid of it, we can use ComboFix to remove all its files using its script function. ComboFix will stop the connection while it's scanning but reconnects soon after, before the end of the scan.

Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

ComboFix tutorial:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



Or, you can try running RogueKiller without rebooting, followed by a Quick scan with MalwareBytes, and see if it gets it.
Here's an article on RogueKiller: http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_4922-Rogue-Killer-What-a-great-name.html
0
 
Melannk24 Commented:
You may be able to kill the process by using Sysinternals' pskill.  Sysinternals, now owned by Microsoft, has a set of tools you can download and install, http://technet.microsoft.com/en-us/sysinternals/bb896649.  I've had a few instances of malicious processes that would not die, but I was able to kill them using pskill and that enabled me to delete locked files on the system as well.  
0
