... another quick approach to combating this virus... set up a Path Rule that disallows the evil .exe from ever running. Go to control panel>administrative tools> local security policy>software restriction policies>additional rules>new Path rule. Hit the browse button and head for the users ( or docs and settings )>user name>appdata>local folder, look for a folder called 'werwerw' or similarly non-official looking, open it and select the .exe file. Make sure the policy is set to 'disallow', hit apply, okay, reboot.
When it comes back up, your Pc will function normally, so at that point you can use the app of your choice to remove the nastiness. I've used this approach many times, and what's nice about it is that it's really quick and easy, and doesn't require safe mode booting. You'll need to make sure your folder options are checked for 'view hidden files' in order to see the appdata folder. Hope it helps! dave -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Pete Theisen Sent: Wednesday, March 10, 2010 2:56 AM To: [email protected] Subject: Re: Vista Internet Security 2010 virus Michael Madigan wrote: > Combofix was the ONLY program that removed a mass-mailing virus that had infected my machine. Now I use it FIRST. > > Now I run it about once a week regardless whether I think I'm infected or not. Hi Michael, Using only Linux, I never give it a thought. -- Regards, Pete http://pete-theisen.com/ http://elect-pete-theisen.com/ [excessive quoting removed by server] _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/003201cac052$b9dd9bc0$2d98d3...@com ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
