Re: BTE35.SYS Virus



I did install the Recovery Console and when I tried to boot the Recovery
Console, it gave me a Bugcheck 7B.

"David H. Lipman" wrote:

From: "John" <John@xxxxxxxxxxxxxxxxxxxxxxxxx>

| I was able to remove BTE35.SYS by putting the infected hard drive into another
| system and deleting that file.
|
| After that I put the hard drive back and it booted up fine. I removed all
| BTE35.SYS from the registry okay now. But when it was infected with
| BTE35.SYS, I could not remove it from the registry. There was some
| permissions problem before.
|
| Also all Administrator rights came back after BTE35.SYS was removed.
|
| I am now running a full virus scan and spybot scan.
|
| BTE35.SYS was downloaded by Trojan.Pandex. The user said a "friend" gave
| him a "screensaver" to install.
|
| Thanks
|

Malware will often protect the Registry keys that load the malware as an act of
self-preservation.

Using a surrogate PC to perform an anti-malware scan or to remove files is a good idea but
most people don't have a second PC, or the capability, to use a surrogate PC. That is why my
suggestion was to use the Recovery Console.

I still suggest installing the Recovery Console as it is easier to boot into the Recovery
Console than it is to remove a hard disk from an infected PC and install it in a surrogate
PC.

Please read the following on this Trojan. Especially the Technical Details.
Trojan.Pandex -- http://www.symantec.com/security_response/writeup.jsp?docid=2007-042001-1448-99

I do strongly suggest using my Multi AV Scanning Tool (SpyBot in this case is insufficient)
as Symantec *may* miss peer files and other Trojans that may be on the PC. I suggest
starting with the Sophos module as Sophos was identified in the above URL as also knowing
this Trojan as:
Troj/Pushdo-B - http://www.sophos.com/virusinfo/analyses/trojpushdob.html
http://www.sophos.com/security/analyses/search-results/?search=Pushdo&product_search=virus_search&action=search&submit.x=61&submit.y=13


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


