Jump to content

Rob Roberts

Members
  • Content Count

    3
  • Joined

  • Last visited

About Rob Roberts

  • Rank
    Newbie
  1. Preview mode doesn't always show you all the data that doesn't show up. Try this full post.
  2. I am aware of some solutions to disabled taskman and regedit, but all only work in safe mode without blocking as far as I can see. I am also concerned about "legitimate" products that may simply install additional malware. Besides SAS, I ran SpySweeper and AdAware. My next attempt will try Malwarebytes as well. Not sure if version, core, and trace are all the current versions. I pulled a new version off the site Monday morning and updated as soon as I could get the networking running in safe mode (and bypass the scamware.)
  3. Issue was with an office computer user with domain priveleges, so cleaning the system from the administrator login didn't help much. When in normal safe mode (no networking) I was able to eradicate some standing files and registry entries, though they returned immediately. SAS blocked a bit, but this version of SAFE mode at least allowed me to hit Regedit and Taskman. Rebooting to SAFE with NETWORKING, however, ran everything up again. Both Regedit and Taskman are blocked, as are the file functions to show hidden files. SAS detected both the Registry and Taskman blocks as well as Trojan.Smitfraud Variant-Gen/Bensorty, Trojan.Agent/Gen.-exploit, various Adware tracking cookies, and Malware.Trace. I selected all to be removed and they show successful removal. I respond "yes" to reboot the computer. Log back in to the domain, still in safe mode with networking. Cannot Regedit or Taskman. Re-run SAS and it still finds the Registry and Taskman blocks and removes them. Reboot. THEY'RE BACK. Any possible solution to this mayhem? I cannot simply boot in as the user with the domain access, as the domain will not be able to verify if no networking is present. Something is still out there and I can't see the hidden files. BTW, this is the version with handlerfix707700.exe and also appears to have a link to idrfrnv.dll (can find no information on this.) I've removed admin access for this user, so there will be no more malware installs. (this process also blocks the malware from doing any further damage as far as I can tell.) Any suggestions?
×
×
  • Create New...