Re: Klone Virus

From: "Gary S. Terhune" <grystnews@xxxxxxxx>

| Thank you, ;-)
|
| Still (and I ask this in all seriousness), if Klone requires treatment from
| outside the OS, as suggested by your mention of the Recovery Console, how
| does a Windows-based AV or any other scanner running from within Windows,
| deal with it?
|
| And, particularly since I deal in legacy Windows (98 mostly), when cleaning
| up Klone and similar items wouldn't the use of BART's PE, for example, be
| even better than running Multi_AV, etc., in Safe Mode?
|

Running the Multi ACV Scanning Tool in Safe Mode will increase the chance of removal of some
malware that can't be removed in Normal Mode becuase it hopefully has NOT been loaded. In
the case of the Klone Trojan, it is loaded in both Safe and Normal Modes.

The way to to remove the Klone is you would have to kill/suspend theose process that have
loaded the DLL and thus the DLL File Handle will no longer be held open and the Registry
entries no longer protected. Some anti malware utilities have this capability or have it to
some degree.

You would want to go through the anti malware utilities first to get the easiest to emove
malware and then when you can't remove something then you may have to resort to more radical
actions such as the Recovery Console method.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


.