Greg, my favourite technique for restarting explorer is: CTRL-SHIFT-ESC to bring up Task Manager. Kill explorer.exe, then pull down File, New Task and launch explorer.exe ... This works especially well when you reboot but get no desktop. Also good things to launch are cmd (and WinFile.exe brought over from an older box!).
Andrew 8) > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Greg Little > Sent: Monday, July 25, 2005 2:08 PM > To: [email protected] > Subject: Re: [Declude.Virus] OT: Online file check? > > Keep it off the network as much as possible. > Also a software firewall (like Zone Alarm) will help control > the "phone home for updates". > > Another tool I used for those "really hard to remove stains", > is KillBox. You can give it a list of files to be deleted at > the start of the next boot. > > I've had one that was still locked in memory (and recreating > itself to new file names and restoring reg keys) in safe mode > with explorer exited. > (You have to start a Dos Window before killing the Explorer process. > Then "explorer" to start it again.) > It hooked into login, but KillBox got it on bootup before it > could install its memory resident program. > > SysInternals has some great tools for Watching processes, > Controlling startups, etc. > http://www.sysinternals.com/SystemInformationUtilities.html > > Greg Little > > PS Does this pest have a name? > > --- > [This E-mail scanned for viruses by Findlay Internet] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
