Can any of Sophos free tools remove desktop.ini from windows\assembly\gac folder?

Hi, I have spent the better part of this weekend trying to get rid of viruses, trojans, and rootkits that infiltrated my computer on Thursday, and I wasn't even on the Net that long. One must have gotten in there and then started randomly infecting areas. Anyway, I have been able to remove a lot of the culprits, but that Sirefef has locked in on some places, and the worst seems to be that C:\windows\assembly\gac\desktop.ini.

I don't know why not only Sophos (thanking them for the products and support) but a lot of other antivirus programs seem to eradicate most of the infection, but the one I have really narrowed it down to seems to be doing the most damage, and, of course, it keeps reinventing itself even after supposedly being deleted by Avast, AVG, Malwarebytes Anti-Malware, and other proggies.

So, does anyone have or has anyone run across any methods to disinfect a computer with that malady? If so, can it be done with Sophos stuff, or do I have to do that ComboFix procedure (I would rather not, from my intuition)? Anyway, get back to this thread when you can, and I will run some more Sophos stuff to keep attacking, haah, have to be on the offensive. psungman

Hello psungman,

this being "just" a forum and not a 7*24 support line, you can't expect immediate replies, especially on weekends.

I understand that someone wants to get rid of nasties ASAP, but a methodical approach, even if it seems tedious and in some respects slow, usually produces better results.

If your own (on-access/real-time) antivirus program is [...] rendered unusable, its vendor (whether commercial or free) should hear about it and might be interested in the details and perhaps some samples. Admittedly this is hard if you have access to only one computer, but then how do you obtain the "other tools" in this case? Running one or more "cleaners" might destroy useful evidence. Making the computer work again after an infection doesn't protect it in the first place (and also doesn't "immunize" it against the particular threat).

As you've seen, Restore Points aren't a cure-all. Malware not only often deliberately removes RPs (which is otherwise a legitimate operation) but sometimes also takes advantage of them by placing itself there. Furthermore, RPs don't guarantee that the system was consistent at the time they were taken. Thus clearly only prevention can be the final answer, as a complete remediation is impossible.

Christian

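Christian's point about not destroying evidence applies directly to the file psungman is fighting. As an added example (not part of the thread, not a Sophos tool, and not a removal step), here is a PowerShell triage script that records what is actually sitting at every desktop.ini path under %windir%\assembly before any cleaner touches it: size, attributes, timestamps, owner, any Deny ACEs, a SHA-256 hash and the first bytes. The report folder name and the helper name Get-FirstBytesHex are assumptions; run it from an elevated PowerShell.

```powershell
# Added example, not from the thread or any Sophos tool: inventory the desktop.ini files
# under %windir%\assembly so a sample and details survive for the vendor. Elevated shell.
$root   = Join-Path $env:windir 'assembly'
$outDir = Join-Path $env:USERPROFILE 'Desktop\gac-triage'   # assumed report location
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# -Force lists hidden/system files; listing errors (e.g. an ACL that denies access) are
# collected in $listErrors instead of aborting the run
$hits = Get-ChildItem -Path $root -Recurse -Force -File -Filter 'desktop.ini' `
            -ErrorAction SilentlyContinue -ErrorVariable listErrors

function Get-FirstBytesHex {
    # Hex dump of the first 16 bytes: a real desktop.ini is plain INI text, a blob is not.
    param([string]$Path)
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
        try {
            $buf = New-Object byte[] 16
            $n = $fs.Read($buf, 0, $buf.Length)
            if ($n -eq 0) { return '(empty)' }
            return (($buf[0..($n - 1)] | ForEach-Object { $_.ToString('X2') }) -join ' ')
        } finally { $fs.Dispose() }
    } catch { return "UNREADABLE: $($_.Exception.Message)" }
}

$report = foreach ($f in $hits) {
    $acl  = Get-Acl -LiteralPath $f.FullName -ErrorAction SilentlyContinue
    $hash = try {
        (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 -ErrorAction Stop).Hash
    } catch { "UNREADABLE: $($_.Exception.Message)" }
    # Deny entries on a shell metadata file are unusual and worth recording verbatim
    $deny = if ($acl) {
        ($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' } |
            ForEach-Object { "$($_.IdentityReference)=$($_.FileSystemRights)" }) -join '; '
    } else { 'UNREADABLE' }

    [pscustomobject]@{
        Path        = $f.FullName
        SizeBytes   = $f.Length
        Attributes  = $f.Attributes.ToString()
        CreatedUtc  = $f.CreationTimeUtc
        ModifiedUtc = $f.LastWriteTimeUtc
        Owner       = if ($acl) { $acl.Owner } else { 'UNREADABLE' }
        DenyACEs    = $deny
        SHA256      = $hash
        FirstBytes  = Get-FirstBytesHex -Path $f.FullName
    }
}

if ($report) {
    $report | Format-List
    $report | Export-Csv -LiteralPath (Join-Path $outDir 'gac-desktop-ini.csv') -NoTypeInformation
} else {
    Write-Warning "No desktop.ini found under $root (check errors.txt for access failures)"
}
Set-Content -LiteralPath (Join-Path $outDir 'errors.txt') `
            -Value @($listErrors | ForEach-Object { $_.ToString() })
```

A genuine desktop.ini is a small text file, typically starting with a "[.ShellClassInfo]" section (hex 5B 2E 53 68 ...), readable and hashable by an administrator, with no Deny entries. A file at that path that is large, not text, unreadable even from an elevated shell, or carrying Deny ACEs is exactly the sample a vendor wants, and the CSV plus a copy taken after the ACL is adjusted is far more useful to them than a "cleaner" report saying it was removed. Nothing here modifies the file.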