The first mistake with any infection is to try and boot from the HDD (safe mode or not) and perform repairs. Any malware worth its miserable salt will see that eventuality. Boot from a CD/DVD with some reputable tools thereon. My preference being ERD Commander with several malware scanners, Autoruns and Registry Workshop.
--
Peter van Houten

On the 04/09/2009 17:47, [email protected] wrote the following:

Well, this would not have worked with the rooted machine I came across a couple of weeks ago. Any of the various ways to access TaskManager were denied. Hitting the power button, then tapping F-8 to try to get into SafeMode would not work - numerous attempts ended up with "regular mode" XP running.

The infected profile, a local admin on XP Home, did let me create a new administrator user. That new user was able to install MalwareBytes from a CD - no way to download anything with that root kit running! - and run it. Then this new user could finish running the assorted clean-up tools.

--
Richard D. McClary
Systems Administrator, Information Technology Group
ASPCA

Micheal Espinola Jr <[email protected]> wrote on 09/04/2009 10:37:45 AM:

> Of course, shortly after sending this I come across something decent
> on page 7 of my most recent Google search. This one looks good, walks
> through a Malwarebytes-based cleaning, and covers things that I
> haven't seen in any other "guides" I have come across:
>
> http://www.geekpolice.net/malware-removal-guides-f12/remove-windows-police-pro-removal-guide-t13546.htm
>
> However, I don't think it will work in all circumstances of a WPP
> infection (particularly if the registry is corrupted and .exe's can be
> run), but it's worth a try. Even the Microsoft forum discussions on
> this malware are useless.
>
> But of course, I say this one "looks good", since I haven't had the
> opportunity to try it yet. But I suspect I will very soon.
>
> --
> ME2
>
> On Fri, Sep 4, 2009 at 11:21 AM, Micheal Espinola Jr <[email protected]> wrote:
> > If you haven't heard of it already, start Googling it. It's the next
> > big thing that you will be re-imaging infected systems for.
> >
> > I've seen it twice now, and it's very messy.
> >
> > --
> > ME2
