I have found that these viruses are quite invasive in what they do. A class of the viruses actually installs an MBR virus, an executable that runs from a temporary folder and also a rootkit that gets latched onto a driver in c:\windows\system32\drivers.
I have had good luck using BootICE to correct the MBR and PBR issue, using standard AV/AM to clean the infection and then taking a known working system that is similar/identical and copying the files from the known good C:\Windows\System32\drivers into the bad. Reinstalling Windows of course is an option as well.

On Sun, Dec 16, 2012 at 7:42 PM, Bobby Heid <[email protected]> wrote:
> Thanks! I will check it out when I put the drive back in (Ghosting it
> now).
>
> Bobby
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Jeff Lane
> Sent: Sunday, December 16, 2012 7:35 PM
> To: [email protected]
> Subject: Re: [H] Infection question
>
> Bobby,
>
> I know you ran system restore, but these things will sometimes corrupt your
> anti-virus and Windows accessible system restore. I have had much more
> success starting in safe mode command prompt and entering rstrui.exe at the
> DOS prompt. This will open a fresh unaffected copy of system restore, and,
> you can usually check the box at the bottom to restore some older ones, if
> really necessary. Hope this helps.
>
> Jeff
>
>
> So far, it "appears" clean after all of the malware scans.
>
> Thanks,
> Bobby
>
>
> Trojan.MalJava!gen21 is usually installed by malware to download advertising
> files. If you can find out which malware installed it, you can possibly
> search for removal methods.
>
>
> On 12/16/2012 3:08 PM, Bobby Heid wrote:
> > Hey,
> >
> > Before I nuke a friend's laptop, I figured I'd throw it out here to see what
> > I can get.
> >
> > She downloaded something and then started getting blue screens. This
> > is where I got it. I started it in safe mode and ran anti-malware
> > bytes (several times), SpyBot, super antispyware, online Symantec
> > scanner, and some other online scanner.
> >
> > Malware bytes cleaned several items, so did Spybot. The Symantec
> > scanner said it had the Trojan.MalJava!gen21 (iirc). I have not run
> > the Symantec one since the others cleaned stuff. The other online
> > scanner found nothing.
> > Malware bytes and Spybot now return clean.
> >
> > If I boot into normal mode (Vista Home), I do not get blue screen anymore.
> > But I get the progress bar from the Vista start screen, then the screen goes
> > black. I can see the HD access for a while, then nothing. This
> > leads me to believe that it might have been one of those scare ware
> > infections that do not let you get to your desktop.
> >
> > Any ideas before I nuke and repave? Going to wipe it in the next few hours
> > if I don't hear anything.
> >
> > Thanks,
> >
> > Bobby
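
The driver-folder comparison suggested at the top of this thread can be narrowed to the files that actually differ before anything is copied. The following is an added example, not code from any poster in the thread: it hashes the .sys files in a known-good and a suspect drivers directory and lists what was modified, added or removed. The function names, the sample file names and their contents are constructed for illustration, and the two directories are assumed to come from machines at the same Windows version and patch level.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_drivers(root):
    """Map lower-cased relative path -> SHA-256 for every .sys file under root."""
    root = Path(root)
    digests = {}
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() == ".sys":
            h = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            # NTFS names are case-insensitive, so compare on lower-cased paths.
            digests[path.relative_to(root).as_posix().lower()] = h.hexdigest()
    return digests


def compare_drivers(known_good, suspect):
    """Return drivers that differ between a known-good and a suspect tree."""
    good, bad = hash_drivers(known_good), hash_drivers(suspect)
    return {
        "modified": sorted(n for n in good.keys() & bad.keys() if good[n] != bad[n]),
        "only_in_suspect": sorted(bad.keys() - good.keys()),
        "missing_from_suspect": sorted(good.keys() - bad.keys()),
    }


def demo():
    """Build two small constructed trees (not real drivers) and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        good, bad = Path(tmp, "good"), Path(tmp, "bad")
        good.mkdir()
        bad.mkdir()
        (good / "disk.sys").write_bytes(b"original disk driver")
        (good / "volsnap.sys").write_bytes(b"original volsnap driver")
        (good / "ndis.sys").write_bytes(b"original ndis driver")
        (bad / "DISK.SYS").write_bytes(b"original disk driver")  # same file, other case
        (bad / "volsnap.sys").write_bytes(b"patched volsnap driver")  # altered content
        (bad / "xyzdrv.sys").write_bytes(b"unexpected extra driver")  # not in baseline
        return compare_drivers(good, bad)


if __name__ == "__main__":
    for category, names in demo().items():
        print(category, names)
```

Run it against the suspect disk while it is attached to a clean machine or mounted from an image, because a rootkit that is running can hide or misreport files on its own system.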
