Well, this would not have worked with the rooted machine I came across a couple of weeks ago. Any of the various ways to access TaskManager were denied. Hitting the power button, then tapping F-8 to try to get into SafeMode would not work - numerous attempts ended up with "regular mode" XP running.
The infected profile, a local admin on XP Home, did let me create a new administrator user. That new user was able to install MalwareBytes from a CD - no way to download anything with that rootkit running! - and run it. Then this new user could finish running the assorted clean-up tools.

--
Richard D. McClary
Systems Administrator, Information Technology Group
ASPCA®

Micheal Espinola Jr <[email protected]> wrote on 09/04/2009 10:37:45 AM:

> Of course, shortly after sending this I come across something decent
> on page 7 of my most recent Google search. This one looks good, walks
> through a Malwarebytes-based cleaning, and covers things that I
> haven't seen in any other "guides" I have come across:
>
> http://www.geekpolice.net/malware-removal-guides-f12/remove-windows-police-pro-removal-guide-t13546.htm
>
> However, I don't think it will work in all circumstances of a WPP
> infection (particularly if the registry is corrupted and .exe's can be
> run), but it's worth a try. Even the Microsoft forum discussions on
> this malware are useless.
>
> But of course, I say this one "looks good", since I haven't had the
> opportunity to try it yet. But I suspect I will very soon.
>
> --
> ME2
>
> On Fri, Sep 4, 2009 at 11:21 AM, Micheal Espinola Jr <[email protected]> wrote:
> > If you haven't heard of it already, start Googling it. It's the next
> > big thing that you will be re-imaging infected systems for.
> >
> > I've seen it twice now, and it's very messy.
> >
> > --
> > ME2
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
