Malwarebytes is one that is commonly blocked along with the task manager. I often use SuperAntiSpyware to scan along with Sysinternals Process Explorer to temporarily kill the malevolent processes. Combofix is good if needed after your SuperAntiSpyware scan. We've been seeing variants in our office that set all program files and everything in the user profile to hidden, which is extra irritating as it hides everything in their network profile as well as on their local machine.<div>
<br></div><div>Reformatting is always the safest option, and if the three items above don't clean it, I don't waste any additional effort.<br><br><div class="gmail_quote">On Fri, Jun 24, 2011 at 6:39 AM, Steve VanSlyck <span dir="ltr"><<a href="mailto:s.vanslyck@spamcop.net">s.vanslyck@spamcop.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><a href="http://malwarebytes.com" target="_blank">malwarebytes.com</a><br>
<div><div></div><div class="h5"><br>
----- Original Message -----<br>
From: "Thomas W. cranston" <<a href="mailto:cranston.thomas@gmail.com">cranston.thomas@gmail.com</a>><br>
To: Central OH Linux User Group - 432xx <<a href="mailto:colug-432@colug.net">colug-432@colug.net</a>><br>
Date: Thu, 23 Jun 2011 23:41:25 -0500<br>
Subject: [colug-432] Malware<br>
<br>
> I need a link to a malware detector. There is malware that infects<br>
> winders, and won't let you do AV updates, or even go to any AV site<br>
> (Norton, etc).<br>
><br>
> I ran into this before fixing a neighbor's winders box. There was a link<br>
> to a test that confirmed whether or not a machine was infected w/this<br>
> particular malware or not, and then instructions for removing it. Can<br>
> anybody send me a link to the detector, or remember the name of that<br>
> malware.<br>
><br>
> Tom<br>
> _______________________________________________<br>
> colug-432 mailing list<br>
> <a href="mailto:colug-432@colug.net">colug-432@colug.net</a><br>
> <a href="http://lists.colug.net/mailman/listinfo/colug-432" target="_blank">http://lists.colug.net/mailman/listinfo/colug-432</a><br>
><br>
</div></div></blockquote></div><br></div>