Yes, I know by rights it should be flattened and paved and I intend to do so, but at this point I'm just curious about how it's getting done. Unfortunately time hasn't allowed for me to do a bunch of poking around with Process Explorer and the like. Mostly I like to see how these things work so as to help identify them in the future.
-- Durf

On Thu, Aug 14, 2008 at 2:31 PM, Ziots, Edward <[EMAIL PROTECTED]> wrote:
> Not seen this particular piece of malware, but in the grand scheme of
> things, if the PC got infected, then can you really trust it by just
> uninstalling the AV? You could use Procmon and Filemon/Regmon and find out
> which DLLs (it's probably a DLL hooked into IE or other utilities, which
> means it's got some root-kit type action) and try and figure out what is
> doing the re-direct, but the best issue would be to use a boot and nuke CD
> and wipe the entire disk clean (7 rounds, 3 passes) and start new.
>
> Z
>
> Edward E. Ziots
> Network Engineer
> Lifespan Organization
> MCSE,MCSA,MCP,Security+,Network+,CCA
> Phone: 401-639-3505
> ------------------------------
> *From:* Durf [mailto:[EMAIL PROTECTED]
> *Sent:* Thursday, August 14, 2008 2:26 PM
> *To:* NT System Admin Issues
> *Subject:* "Vista Antivirus 2008" malware removal

--
--------------
Give a man a fish, and he'll eat for a day.
Give a fish a man, and he'll eat for weeks!
