Re: BTE35.SYS Virus

I did install the Recovery Console and when I tried to boot the Recovery
Console, it gave me a Bugcheck 7B.

"David H. Lipman" wrote:

From: "John" <John@xxxxxxxxxxxxxxxxxxxxxxxxx>

| I was able to remove BTE35.SYS by putting the infected hard drive into another
| system and deleting that file.
| After that I put the hard drive back and it booted up fine. I removed all
| BTE35.SYS from the registry okay now. But when it was infected with
| BTE35.SYS, I could not remove it from the registry. There was some
| permissions problem before.
| Also all Administrator rights came back after BTE35.SYS was removed.
| I am now running a full virus scan and spybot scan.
| BTE35.SYS was downloaded by Trojan.Pandex. The user said a "friend" gave
| him a "screensaver" to install.
| Thanks

Malware will often protect the Registry keys that load the malware as an act of self

Using a surrogate PC to perform an anti-malware scan or to remove files is a good idea but
most people don't have a second PC, or the capability, to use a surrogate PC. That is why my
suggestion was to use the Recovery Console.

I still suggest installing the Recovery Console as it is easier to boot into the Recovery
Console than it is to remove a hard disk from an infected PC and install it in a surrogate

Please read the following on this Trojan. Especially the Technical Details.
Trojan.Pandex --

I do strongly suggest using my Multi AV Scanning Tool (SpyBot in this case is insufficient)
as Symantec *may* miss peer files and other Trojans that may be on the PC. I suggest
starting with the Sophos module as Sophos was identified in the above URL as also knowing
this Trojan as:
Troj/Pushdo-B -

Multi-AV -

