Posted 19 February 2010 - 07:12 PM
I had a minor tilt with an infected system a couple of days ago, one of the fake AV programs such as Security Essentials 2010.
I had the user stop using the system and do a hard shutdown.
When I got the system, I removed the hard drive and connected it (SATA) to one of my systems, as a secondary drive. I always have Malwarebytes, Avira Free, and SUPERAntiSpyware installed, so I felt protected.
I had previously scanned my own system with each of the apps mentioned. So I only scanned the suspect drive.
I ran the Malwarebytes scan first; it detected the known malware item and a couple of others, deleted same, rebooted.
I then ran Avira Free, which found 10 or so more malicious items, which I then deleted.
Finally, I ran SAS, which found 1 additional item, selected Bear Share as something to remove...and found a number of cookies. I deleted all of them.
Put hard drive back in system, booted, ran Avira again...which found a few more registry items...deleted those.
System now works properly.
The moral of this tale? There is, IMO, seldom only 1 item to be concerned about...and using just one program for attempts at resolution is likely to be "fool's gold".