Posted 18 May 2008 - 11:20 PM
Ah, I wondered about that. So I'm running the drive in the original comp again and have gone to safemode, found a bunch of stuff in temp and Temp int files (I had deleted everything in there this AM so????) that seemed to be from this attack, such as 'monstermarketplace...something or other', and deleted those and emptied recycle bin. Rebooted normal and it's running faster, Trend immediately gave a 'Troj_mutant.co' also. but still the wrong desktop color. I did have a task bar for a bit but that is now gone, and no start button, windows key doesn't work either, so I can't access programs nor 'run'. Hmmm.
Any thoughts on Trend's 'Suspect' file? should I empty that in safemode? Also, when this was a slave in the other comp I 'explored' it and C:/windows/temp had stuff in it. When I first booted into safemode and could go to 'explore' I looked at that and it was empty, but I hadn't done anything in the meanwhile. ???
I saved a copy of the registry a couple of weeks ago btw, if that's of interest.
Thanks for your help