How To Remove Services303.exe, Fake Adobe Speed launcher Virus

My cybercafe just got infected this virus yesterday. It’s spreading from removable device users plug into my server. It’s really annoying because my computers starts to hang for 10 seconds and then it run again but very slows. All I notice is windows give notification low virtual memory, I cannot run Internet explorer (but still I can run another .exe application), and I cannot shutdown the computer. It also effect Internet connection speed, but I’m not really sure about this. When I type in command prompt netstats -a I see a lot of established connection (maybe virus sending or downloading something).

Frustrated, I’m looking on google with keyword services303.exe but it’s refers to non computer virus. I believe this is first case of services303.exe documented. Lucky me this virus not spreading in my network so I can stop it fast before it infected others computers. I try scan my computer using malwarebytes, avira, avg, eset32/NOD and they not detects any virus *great*.

The main virus is services303.exe and it’s located in [WINDOWSDRIVE]\DOCUMENTS AND SETTINGS\[USERNAME]\APPLICATION DATA\MICROSOFT\SERVICES303.exe with attributes read only and hidden.

It’s also change your registry in:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

It’s set to run services303.exe when computer starts and giving fake program description about Adobe speed launcher.

[to_plus]

How To Remove Services303.exe

1. Run your computers in safe mode.

2. Open command prompt, Go to folder [WINDOWSDRIVE]\DOCUMENTS AND SETTINGS\[USERNAME]\APPLICATION DATA\MICROSOFT\ and type Attrib -s -h /S /D.

3. Once attrib process done you can see file with name services303.exe, delete it! don’t forget empty your recycle bin too.

4. Delete manually auto-start services303.exe in registry, start – run -> regedit and look on this field :

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

5. Delete all temporary Internet and windows files. Use ATFCleaner or Ccleaner.

6. Scan whole system with updated antivirus.

Done, Your computers should back normal again. Have a nice day everyone 😀

Similar Posts:

2 thoughts on “How To Remove Services303.exe, Fake Adobe Speed launcher Virus”

  1. I’m a bit desperate, and dunno who to turn to. I tried installing SUPER from http://www.erightsoft.com, I’m using windows 7 and I have Eset smart Security installed on my computer.
    When I opened the installer windows warnd me and asked me to confirm if i wanted this installer change windows etc etc. I said yes, since I have used SUPER in the past in other computers, including this one, but today it wasn’t working well so I decided to uninstall it and reinstalling it.
    So right after I clicked on ok, ESET warned me:
    Object: http://www.dlappstream.com/nsi/nsis-2.46/Testbundle23w_1254.exe
    Threat: Win32/InstallMonetizer potentially unwanted application
    Information: Unable to clean

    I didn’t memorize this, I freaked out so I took a screenshot of it, and I copied the message.
    I’ve been trying to search for information online, but I don’t seem to get any data regarding it -.-
    I searched among my quarantined files and there’s nothing. I searched on the log of the threats and there it is. But it simply shows that URL: http://www.dlappstream.com/nsi/nsis-2.46/Testbundle23w_1254.exe
    I have lots of tabs opened both in firefox and chrome. What are the odds this is coming from a site I’m visiting instead of the SUPER installer? Could it be a coincidence?
    Anyway I’m running a scan with Eset but I’m not keeping my hopes up. It said it was unable to clean it, but what did it do instead?? I’m panicking

  2. I’m sure your computers fine, there is no virus. You may need some adware remover. InstallMonetizer is clean CPI network (I know because some of my software use them as monetization) as publisher we can’t control what they provided on installer. They usually promoting toolbar or programs, Before you install it there is options you want to accept it or not. You need to use hijackthis to remove unwanted registry and fileAssasin to deleted the main file, sometimes you won’t find the files because it’s just temporary installer.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.