Primux wrote: I'm far beyond "Starting with simple malware and moving myself up". I've been working with removing viruses and spyware for about ten years now. I'm just particularly fascinated with this particular virus. I've encountered other viruses that I've had to remove by using a bootable CD, although I imagine there's a way I could have done it without having done that.
Here's a question to which I know the answer: What's to keep you from simply removing the registry keys/other startup entries that are loading the virus?
And here's a question to which I don't know the answer: Why can't you use something like pendmoves or gmer to perform a delayed-write operation to delete the files that the virus has infected before they're loaded at the next boot? Now obviously if it's infected something like ntoskrnl.exe then you can't delete that, but what if it hasn't yet attacked system files like that?