Posted 22 March 2010 - 11:46 AM
Okay, I'm helping a nontechnical friend with a nasty rogue antivirus, Vista Smart Security 2010.
REGEDIT is of course disabled, but this malware version has gone one step cleverer. The removal methods I've seen so far start with restoring *.exe functioning by creating a text file named something like "exefix.reg" and executing it directly to patch the registry. HOWEVER, even this fails because the malware has set a group policy to prevent THAT as well! And then of course, the malware pulled up the ladder behind itself, so that you can't find or edit that policy, even when logged in in Safe Mode. Is there some other way, short of OS reinstall, to restore enough function to get legitimate removal tools working?