Just reading this makes me cringe. Why not wipe and rebuild? Data's relatively easy to extract from an infected machine with an external HD and booting with the UBCD4Windows. I could never trust a machine that's been owned so thoroughly.

On Fri, Sep 4, 2009 at 11:47 AM, <richardmccl...@aspca.org> wrote:
>
> Well, this would not have worked with the rooted machine I came across a
> couple of weeks ago. Any of the various ways to access TaskManager were
> denied. Hitting the power button, then tapping F-8 to try to get into
> SafeMode would not work - numerous attempts ended up with "regular mode" XP
> running.
>
> The infected profile, a local admin on XP Home, did let me create a new
> administrator user. That new user was able to install MalwareBytes from a
> CD - no way to download anything with that root kit running! - and run it.
> Then this new user could finish running the assorted clean-up tools.
> --
> Richard D. McClary
> Systems Administrator, Information Technology Group
>
> ASPCA®
> 1717 S. Philo Rd, Ste 36
> Urbana, IL 61802
>
> richardmccl...@aspca.org
>
> P: 217-337-9761
> C: 217-417-1182
> F: 217-337-9761
> www.aspca.org <http://www.aspca.org/>
>
>
> Micheal Espinola Jr <michealespin...@gmail.com> wrote on 09/04/2009
> 10:37:45 AM:
>
> > Of course, shortly after sending this I come across something decent
> > on page 7 of my most recent Google search. This one looks good, walks
> > through a Malwarebytes-based cleaning, and covers things that I
> > haven't seen in any other "guides" I have come across:
> >
> > http://www.geekpolice.net/malware-removal-guides-f12/remove-windows-police-pro-removal-guide-t13546.htm
> >
> > However, I don't think it will work in all circumstances of a WPP
> > infection (particularly if the registry is corrupted and .exe's can be
> > run), but it's worth a try. Even the Microsoft forum discussions on
> > this malware are useless.
> >
> > But of course, I say this one "looks good", since I haven't had the
> > opportunity to try it yet. But I suspect I will very soon.
> >
> > --
> > ME2
> >
> >
> > On Fri, Sep 4, 2009 at 11:21 AM, Micheal Espinola
> > Jr <michealespin...@gmail.com> wrote:
> > > If you haven't heard of it already, start Googling it. It's the next
> > > big thing that you will be re-imaging infected systems for.
> > >
> > > I've seen it twice now, and it's very messy.
> > >
> > > --
> > > ME2
> > >
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~