Reformatting and reinstalling might be a little overkill.
Search the registry for fystemroot. Change permissions on the key if
necessary (malware likes to make it read only). Change it to the correct
value (systemroot). Repeat for as many occurrences of fystemroot as you
find.
-V
"Rascal" wrote:
>
>
> "Shenan Stanley" wrote:
>
> > Rascal wrote:
> > > First let me say that I am working on a friend's computer that I
> > > know has the Vundo trojan. I've read many postings and tried many
> > > tools (MalwareBytes, Microsoft Malicious etc, Super Anti Spyware,
> > > Rootkit Revealer...etc) and most of them find things and clean them
> > > but they just come back.
> > >
> > > So, yes, they let their anti virus subscription expire and, yes,
> > > they have themselves to blame, and yes, I nag them about it, but
> > > sick puppies still end up coming back.
> > >
> > > I also know that this is not a Microsoft issue, per se - and I have
> > > posted logs on bleeping computer and am currently patiently waiting
> > > and hoping that my issue will attract someone's attention.
> > >
> > > The reason for this post is, while I'm waiting I'm trying to learn,
> > > I'd like to get insight from this community on one particular
> > > aspect of the infection. The windows update service will not start
> > > - I get 'access denied'. And I notice that the path to the
> > > executable begins with %fystem% ...etc - (the f is not a typo).
> > > That can't be good.
> > >
> > > What do you think?
> >
> > Time to format. ;-)
> >
> > --
> > Shenan Stanley
> > MS-MVP
> > --
> > How To Ask Questions The Smart Way
> > http://www.catb.org/~esr/faqs/smart-questions.html
> >
> >
> >
>
> Ha! I'm pretty much assuming that. Thought I'd try other avenues first just
> for the heck of it.
>
> Maybe this time they will learn their AV lesson...
>
> tks
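
A read-only way to locate the entries the reply at the top describes, as an added PowerShell example that is not part of the original thread. It assumes the altered paths are service ImagePath values (as with the Windows Update service in the question) and generalizes from fystemroot to any %NAME% reference that has no matching environment variable; the function and variable names are hypothetical.

```powershell
# Read-only audit: lists service ImagePath values that reference an
# environment variable Windows does not define (for example %fystemroot%).
# Assumption: the tampered values live under the Services key. Nothing is modified.
$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

function Get-UndefinedVariable {
    param([string]$Text)
    # Emit every %NAME% token in $Text that has no matching environment variable.
    foreach ($m in [regex]::Matches($Text, '%([^%\\/:"\s]+)%')) {
        $name = $m.Groups[1].Value
        if ($null -eq [Environment]::GetEnvironmentVariable($name)) { $name }
    }
}

$findings = foreach ($key in Get-ChildItem -Path $servicesRoot -ErrorAction SilentlyContinue) {
    # Read the raw REG_EXPAND_SZ data so %SystemRoot% is not expanded before inspection.
    $raw = $key.GetValue('ImagePath', $null, $noExpand)
    if (-not $raw) { continue }

    $bad = @(Get-UndefinedVariable -Text ([string]$raw))
    if ($bad.Count -eq 0) { continue }

    # The owner is reported because the reply notes the key's permissions may
    # have been changed; an unreadable ACL is itself worth a closer look.
    $owner = '<unreadable>'
    try { $owner = (Get-Acl -Path $key.PSPath -ErrorAction Stop).Owner } catch { }

    [pscustomobject]@{
        Service   = $key.PSChildName
        ImagePath = $raw
        Undefined = $bad -join ','
        KeyOwner  = $owner
    }
}

$findings | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so that keys with restricted permissions can still be read; an empty result means no service path references an undefined variable.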