[AccessD] Latest Outrage from Symantec

John Bartow john at winhaven.net
Mon Apr 16 23:03:28 CDT 2012 

Another approach is to either:
-boot an OS from a CD or USB drive
-mount the HD to another PC
Then clean it without running the HD's OS

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Jim Dettman
Sent: Monday, April 16, 2012 3:55 PM
To: 'Access Developers discussion and problem solving'
Subject: Re: [AccessD] Latest Outrage from Symantec


 Problem was, it was more then just registry changes.  Any restore point I
went to yielded a system that quickly re-loaded the rootkit and the viruses
(with in a matter of minutes).

 If I ran TDSKiller and ComboFix, I got a clean system, but explorer.exe
would not work (nor any program) and if I restarted, I had an un-bootable
system.

 I might have had better luck with just restoring the registry rather then
using a restore point, but after fooling with it for almost seven hours, I
figured enough was enough and wiped it.

 Like I said, it was a real nasty piece of work.  Worst I've ever seen.

Jim.

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Mark Simms
Sent: Monday, April 16, 2012 04:09 PM
To: 'Access Developers discussion and problem solving'
Subject: Re: [AccessD] Latest Outrage from Symantec

Registry back-ups are CRITICAL.



--
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

--
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

More information about the AccessD mailing list