You can certainly curse your luck if your PC is infected by a SONAR.Heuristic.120 virus. If you don’t know what it is and what it does, your system as well as privacy may be at a great risk. Hence, in this Techspirited article, we tell you what a SONAR.Heuristic.120 virus is, and how you can get rid of it.
Did You Know?
The Oxford English Dictionary defines heuristic as ‘enabling someone to discover or learn something for themselves’. In the context of computers, it is ‘the act of proceeding to a solution via trial and error through loosely defined rules’.
The SONAR.Heuristic.120 is a high-risk Trojan horse that can cause significant damage to your system. It is a ‘sticky’ virus such that even if you use a good antivirus program to get rid of it, it is able to rebuild itself and keeps returning again and again.
Once the SONAR.Heuristic.120 virus gains entry, it reconfigures your system settings to automatically activate itself every time the computer boots. It runs in the background performing destructive activities such as terminating security processes, blocking downloads, corrupting system files, including system restore. It is capable of gathering sensitive date from your PC and sending it to remote servers being used for malignant purposes. It alters your computer’s system security settings, typically leaving it in a highly vulnerable and unprotected state. By doing this, the SONAR.Heuristic.120 virus essentially opens up a gateway for more viruses and online infections to enter into your system.
Since the SONAR.Heuristic.120 is so dangerous, it is advised to get rid of it immediately after detection. However, it is known to be extremely stubborn. Most antiviruses are able to quarantine it but are usually unable to completely remove it. This is because the software mostly employ what is known as statistical analysis, which relies on existing virus definition in their database. Basically, during scans, they cross-verify each possible infection with a list of known virus definitions looking for a match. Thus, if an undefined virus, such as the SONAR.Heuristic.120, enters the PC, these antiviruses are unable to detect it.
In the following sections, we shall discuss the common symptoms shown by a computer infected with this virus, and then find out how to get rid of it.
Symptoms
The following are a few of the most common symptoms displayed by a computer infected with a SONAR.Heuristic.120.
1. Files present on your hard drives re-open automatically even after being erased.
2. Your browser’s start page, search page, as well as error page are all modified.
3. Unknown programs show up in your computer’s process list.
4. Your browser is plagued with annoying advertisement and security pop-ups.
5. You system’s processing speed gets severely affected.
SONAR.Heuristic.120 Virus Removal: Antivirus
Most new antivirus programs, such as the Norton Heuristic Virus Removal tool, employ what is known as heuristic analysis. Typically in it, the antivirus executes a suspected program, within a special virtual machine environment, keeping it isolated from the real machine. It then analyzes each of the program’s codes and monitors for common viral activities such as replication, file overwrites, attempts to hide existence, etc. If any such activity is detected, the suspicious file is flagged as being a virus, and the user is alerted.
A good antivirus capable of performing heuristic analysis may be able to remove the SONAR.Heuristic.120 virus. However, if it fails to do so the following manual method would definitely be helpful for getting rid of it.
SONAR.Heuristic.120 Virus Removal: Manual Method
The following is the manual method of removal of this dangerous virus. However, do note that it requires a higher level of computer expertise. It is recommended, therefore, to seek professional help while attempting it.
Steps to Remove SONAR.Heuristic.120
For complete removal of the SONAR.Heuristic.120 virus, you will have to locate and delete all the files, folders, and registry keys that it has created. It is also recommended that you backup all your important data before proceeding.
Step 1
Restart your system, and keep hitting the ‘F8’ key repeatedly, until the Windows Advanced Options menu opens up. In it, select the ‘Safe Mode with networking’ option and hit ‘Enter’.
Step 2
Now press the ‘Ctrl+Shift+Esc’ keys simultaneously to launch the ‘Windows task manager’. From this window, locate the process which has a random name – [random].exe, and click on ‘End process’ to stop it from working.
Step 3
After you have stopped this process, depending upon the version of your operating system, do one of the following.
For Windows XP
a) Close all the running programs, and from the ‘Desktop’, click on ‘Start and select the ‘Control Panel ‘menu option.
b) In the ‘Control Panel’ window, click on the ‘Appearance and personalization’ icon. Once there, select the ‘Folder Options’ category, and click on ‘Show hidden files or folders’.
c) In the Hidden Files and Folders section, select the radio button next to the ‘Show Hidden Files, Folders or Drives’ label.
d) Next, uncheck the checkbox labeled ‘Hide Extensions for Known File Types’ and after that, uncheck the checkbox next to the label ‘Hide Protected Operating System Files’.
e) Click on the Apply button to apply these settings and then click on the OK button.
For Windows Vista/7
a) Click on Start and select ‘Computer’. In its window, click on the ‘Organize’ tab on the top. From the drop-down menu, select ‘Folder and Search Option’.
b) A new window will open up. In it, click on the radio button next to the ‘Show hidden files, folders and drives’. Below it, uncheck the checkboxes next to ‘Hide extensions for known file types and Hide protected operating system files (Recommended)’.
c) Click on the Apply button to apply the settings, and then on the OK button to close the window.
For Windows 8/8.1
a) Click on the Windows Explorer to open its window.
b) Click on the View tab and in the drop-down menu, put a check on the box across the ‘Hidden Items’.
Step 4
Now you have to remove all the files associated with the SONAR.Heuristic.120 virus. They can be located by calling out ‘Run’, by pressing the ‘Windows+R’ keys on your keyboard, and then typing in the following one by one.
%Temp%\random.exe
%System%\setup.ini
%AllUsersProfile%\Application Data\.dll
%SystemRoot%\system32\%Temp%\
%UserProfile%\Start Menu\Programs\random.lnk
%AppData%\Protector-[random 3 characters].exe
Step 5
After you have deleted the files, the last step is to terminate the registry entries made by the SONAR.Heuristic.120 virus. For this, again call out the ‘Run’ box and type in ‘Regedit’. Click OK to open the ‘Registry Editor’, and in it individually locate and remove the following.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Win32:Sirefef-HO [Rtk]
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = C:\WINDOWS\Network Diagnostic\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “SD2014” = “%AppData%\\.exe”
HKEY_CLASSES_ROOT\CLSID\{750fdf0e-2a26-11d1-a3ea-080036587f03}\InProcServer32 “(Default)” = “\.dll”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “courts” = %AppData%\p1.exe
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “%LocalAppData%\.exe” -a “%1” %*
Note: There are no viruses capable of running on MAC OS X, so in general, it is immune to attacks from heuristic viruses.
Latest antivirus software employing heuristic scanning might be able to detect and remove these viruses; however, in case they fail, it is advised that you employ the manual method described above under the supervision of an expert.