On Thu, Jan 12, 2012 at 11:54 AM, Eric Wittersheim <eric.wittersh...@gmail.com> wrote:
>> Take the drive out and slave it to another machine
>> for malware scanning.
>
> You should also try the scans in safe mode.

I would advise against that. If you're going to try and recover a compromised machine, the first thing you need to do is get running in an environment you can trust. Safe Mode is still depending on a computer *you know is compromised*. All sorts of malware is known which can still subvert the machine in Safe Mode.

Remove the drive, attach the drive as a secondary drive to a known-clean computer, and scan it using the known-clean computer's software. This will still only find known malware, but at least you're not trusting a known-bad computer.

-- Ben