They delivered the computer last Saturday afternoon and I thought I could clean the machine in an hour, as I normally do. The computer gave me access via Safe Mode, and I tried to run ComboFix (which I had downloaded on another computer). Unfortunately ComboFix froze, so I then tried Malwarebytes, which didn't pick up any issues.
I then cleaned the machine manually. I used msconfig to identify the virus components, unchecked them, and then went to the folders and removed the files.
As it was an XP machine, I looked for files in "Program Files" and in the settings area in "c:\programs and settings\\local\application settings".
These viruses also usually install a driver, so I started Device Manager, clicked "Show Hidden Devices", and in the Non-Plug and Play Drivers section I recognised the virus driver and removed it.
This allowed me to start the computer normally, except that the taskbar did not come up. This is usually a problem with explorer.exe. After trying a few things I went into the registry and noticed that the setting:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon/Shell
had cmd.exe instead of explorer.exe. I fixed this setting and the computer booted normally. As for ComboFix, I think it froze because the client had 3 anti-virus programs running simultaneously.
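A defender-side check for the Winlogon hijack described above, added here as an example and not part of the original post: it parses a `reg export` of the Winlogon key (assumed already decoded to text; real exports are UTF-16 LE) and flags Shell or Userinit values that differ from the XP defaults (assumed default install path C:\WINDOWS), which is a quick way to triage a registry export taken from an infected machine on a clean one.

```python
import re

# Constructed sample of a `reg export` of the Winlogon key, decoded to text.
# The values are illustrative; the Shell entry mirrors the hijack in the post.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="cmd.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"DefaultUserName"="Owner"
'''

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Expected defaults on Windows XP (assumption: Windows installed in C:\WINDOWS).
EXPECTED = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\WINDOWS\system32\userinit.exe,",
}

# Matches a REG_SZ line of the form "Name"="value"; .reg files escape \ and " with a backslash.
_VALUE_RE = re.compile(r'^"([^"]+)"="((?:[^"\\]|\\.)*)"$')


def parse_reg_values(reg_text):
    """Return {key_path: {name: value}} for the REG_SZ entries of a .reg export."""
    result = {}
    current = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]          # new key section
            result[current] = {}
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name, raw = m.groups()
            # Undo the .reg escaping: \" -> "  and  \\ -> \
            result[current][name] = raw.replace('\\"', '"').replace("\\\\", "\\")
    return result


def check_winlogon(reg_text):
    """Return (name, actual, expected) for each Winlogon value missing or not at its default."""
    values = parse_reg_values(reg_text).get(WINLOGON_KEY, {})
    findings = []
    for name, expected in EXPECTED.items():
        actual = values.get(name)
        if actual is None or actual.lower() != expected.lower():
            findings.append((name, actual, expected))
    return findings
```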