
Comment A vicious cycle (Score 1) 344

The problem with AV removal tools is that once the infection is in place it's near impossible to run them (at least in normal mode). The infection will often create restrictive GPOs and a chain of self-replicating drivers/services/scheduled tasks/startup entries, so that even if one piece is removed it will be recreated.

The best way to remove a virus is from a bootable environment which can remotely bind to the registry. Then it's just a matter of disabling the startup entries, deleting the install directories, removing the GPOs and deleting the malicious services and drivers. You can even run a command-line version of the mentioned removal tools in BartPE to get the rootkits and hidden system file infections.

The majority of infections I see are the rogue security software, where they infect you and then tell you to pay to remove it. What's interesting is that the company "witabett" provides technical support for their fake AV products after victims have purchased them! Check out their complaint board; it even provides a support phone number... Excellent drunk dialing material for my geeky friends.
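
The offline registry review described in the comment above, as an added example that is not part of the original post: a read-only listing of startup entries, machine policy restrictions, and auto-start services and drivers from an unbooted Windows install. It assumes a PE-style boot environment with PowerShell available and the offline volume mounted as `D:`; the `OFF_*` mount names are arbitrary.

```powershell
# Added example. Assumptions: offline Windows volume is D:, OFF_* mount names are arbitrary.
$cfg = 'D:\Windows\System32\config'
reg load HKLM\OFF_SOFTWARE "$cfg\SOFTWARE" | Out-Null
reg load HKLM\OFF_SYSTEM   "$cfg\SYSTEM"   | Out-Null

# Return every value under a registry key as Key/Name/Data rows.
function Get-KeyValues([string]$Path) {
    if (-not (Test-Path $Path)) { return }
    $key = Get-Item $Path
    foreach ($n in $key.GetValueNames()) {
        [pscustomobject]@{ Key = $Path; Name = $n; Data = $key.GetValue($n) }
    }
}

try {
    $cv = 'HKLM:\OFF_SOFTWARE\Microsoft\Windows\CurrentVersion'

    # Startup entries and machine-wide policy restrictions.
    $findings = @(
        Get-KeyValues "$cv\Run"
        Get-KeyValues "$cv\RunOnce"
        Get-KeyValues "$cv\Policies\System"
        Get-KeyValues "$cv\Policies\Explorer"
    )

    # An offline SYSTEM hive has no CurrentControlSet link; Select\Current names the active set.
    $cur = (Get-ItemProperty 'HKLM:\OFF_SYSTEM\Select').Current
    $svcRoot = 'HKLM:\OFF_SYSTEM\ControlSet{0:d3}\Services' -f $cur

    # Services and drivers that start without user action (Start 0=boot, 1=system, 2=auto)
    # and whose binary is outside the Windows directory. A review heuristic, not a verdict.
    $findings += @(Get-ChildItem $svcRoot | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
        if ($null -ne $p.Start -and $p.Start -le 2 -and $p.ImagePath -and
            $p.ImagePath -notmatch '(?i)(system32|syswow64|systemroot|%windir%)') {
            [pscustomobject]@{ Key = $_.PSChildName; Name = "Start=$($p.Start)"; Data = $p.ImagePath }
        }
    })

    $findings | Format-Table -AutoSize -Wrap
}
finally {
    # Release PowerShell's handles on the hives, otherwise reg unload reports access denied.
    Remove-Variable findings -ErrorAction SilentlyContinue
    [gc]::Collect(); [gc]::WaitForPendingFinalizers()
    reg unload HKLM\OFF_SOFTWARE | Out-Null
    reg unload HKLM\OFF_SYSTEM   | Out-Null
}
```

Per-user startup entries and policies live in each profile's `NTUSER.DAT`, which can be loaded and listed the same way.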
