Keep it off the network as much as possible.
Also a software firewall (like Zone Alarm) will help control the "phone
home for updates".
Another tool I used for those "really hard to remove stains", is
KillBox. You can give it a list of files to be deleted at the start of
the next boot.
I've had one that was still locked in memory (and recreating itself to
new file names and restoring reg keys) in safe mode with explorer exited.
(You have to start a Dos Window before killing the Explorer process.
Then "explorer" to start it again.)
It hooked into login, but KillBox got it on bootup before it could
install its memory resident program.
SysInternals has some great tools for Watching processes, Controlling
startups, etc.
http://www.sysinternals.com/SystemInformationUtilities.html
Greg Little
PS Does this pest have a name?
---
[This E-mail scanned for viruses by Findlay Internet]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
