A little background: I'm a tech with years of experience removing junk from computers. Right now my own machine is busted, so for the time being I've been using my girlfriend's box to access the internet.
Well, she hasn't been listening to me and had a few nasties loaded on her machine, the worst being some hellish Virtumonde variant. No matter which utility I use, taking out Virtumonde's registry entries also takes down the SOFTWARE registry hive. I've attempted this using AdAware, Spybot Search and Destroy, TrojanRemover, the Windows Live OneCare online scanner, VirtumondeBeGone (or maybe it was VundoBeGone, can't recall), and VundoFix.
After hitting "last good configuration" a few times, normally I can get the system back up, but this also restores Virtumonde's registry entries.
This last attempt, no option after hitting F8 prevents the stop error.
Reformatting is not an option, and neither is a recovery install (no disk, and the built-in recovery partition of her computer is woefully outdated [it would take longer to reinstall and update than it would to figure this problem out]).
So far my shiny new Ultimate Boot Disk for Windows fails to actually run on that machine (inexplicably reboots), so that's one option I'm now forced out of. I haven't been able to try using a USB version yet - the machine I'm writing this post from is an 800 MHz Celeron box with USB 1.1 ports and DMA controllers that only go up to level 2(!).
I'm going to try booting from Knoppix and fiddling with some of the System Restore snapshots to see if I can at least get the SOFTWARE hive functioning again. Or I would, if the NTFS file system could be accessed by it (my Knoppix build requires a clean Windows shutdown in order to access NTFS volumes).
Oh, did I mention that I've been at this for a solid week? I've been here at her house, unable to even snuggle with my cats... Please help me.
Edited by Orange Blossom, 17 January 2009 - 11:06 PM.
Moving from HiJack This forum to Am I Infected as there are no logs posted. ~ OB