Originally Posted by
gas path
I've just spent an interesting couple of hours getting shot of this from a friends PC. It had crippled the desktop and Avast (first failure I've ever had after loading Avast free for a couple of dozen people). A 'safe mode' scan with MBAM found nothing!!! I then tried RKILL which gave me back control. Another scan with MBAM didn't find anything either
. I also ran CCleaner. However on a complete restart it's now gone and I cant find any lingering trace?
I thought RKILL just gave back control while the infection was dealt with, so I'm at a loss as to where the files and reg entries are. Any idea anyone?
Safe Mode MBAM needs to be done in Safe Mode with Command Prompt, as most of the newer variants of virus embed themselves in explorer.exe and hence are active even in safe mode. Hence you need to manually start MBAM.EXE from the command prompt.