trant
A friend brought me his computer which has Windows XP Pro SP3 on it. He
complained about a virus and not being able to access the Internet (IE gets
hijacked).
While trying to fix it I am noticing something on this machine is preventing
me from running certain programs (exe files). For example I couldn't run
HijackThis. I would double click its icon and the hourglass would appear for
a brief few seconds then go away and the program never launches. Looking in
Task Manager or Process Explorer I see the process gets started, then DPC
kicks in or crss.exe and the process I ran goes away. It's as if the virus
has some kind of interrupt which allows it to filter any process and kill it
if it determines it to be something potentially detrimental to its survival.
Any idea how this virus could do this so that I can remove this capability?
Needless to say nearly all my antivirus programs are being blocked. It
allows AVG to run, possibly because AVG was already installed, but AVG is
unable to detect it or remove it. I know it finds something called
Win32.Crypto but it is unable to remove it (it keeps coming up again and
again).