Re: BTE35.SYS Virus
- From: John <John@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 28 Jan 2008 18:26:10 -0800
I did install the Recovery Console and when I tried to boot the Recovery
Console, it gave me a Bugcheck 7B.
"David H. Lipman" wrote:
From: "John" <John@xxxxxxxxxxxxxxxxxxxxxxxxx>.
| I was able to remove BTE35.SYS by putting the infected hard drive into another
| system and deleting that file.
| After that I put the hard drive back and it booted up fine. I removed all
| BTE35.SYS from the registry okay now. But when it was infected with
| BTE35.SYS, I could not remove it from the registry. There was some
| permissions problem before.
| Also all Administrator rights came back after BTE35.SYS was removed.
| I am now running a full virus scan and Spybot scan.
| BTE35.SYS was downloaded by Trojan.Pandex. The user said a "friend" gave
| him a "screensaver" to install.
Malware will often protect the Registry keys that load the malware as an act of self
Using a surrogate PC to perform an anti-malware scan or to remove files is a good idea but
most people don't have a second PC, or the capability, to use a surrogate PC. That is why my
suggestion was to use the Recovery Console.
I still suggest installing the Recovery Console as it is easier to boot into the Recovery
Console than it is to remove a hard disk from an infected PC and install it in a surrogate
Please read the following on this Trojan. Especially the Technical Details.
Trojan.Pandex -- http://www.symantec.com/security_response/writeup.jsp?docid=2007-042001-1448-99
I do strongly suggest using my Multi AV Scanning Tool (SpyBot in this case is insufficient)
as Symantec *may* miss peer files and other Trojans that may be on the PC. I suggest
starting with the Sophos module as Sophos was identified in the above URL as also knowing
this Trojan as:
Troj/Pushdo-B - http://www.sophos.com/virusinfo/analyses/trojpushdob.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp