My client has installed Security Essentials 2010, which is a known fake "security" package that aims to scare you into paying 50 bucks to buy a "removal" program you don't need, and surrender your credit card details in the process. Google led me to the excellent BleepingComputer removal instructions at http://www.bleepingcomputer.com/virus-remo...essentials-2010 which I followed to the letter and which led to a successful removal of said scareware. (Kudos to BleepingComputer for that excellent article!)
Unfortunately there turns out to be a lot of collateral damage. Some would have been caused by the Trojan itself (blowing away system restore points and thereby preventing a roll-back, and disabling the recycle bin, which prevents the undeleting of files). Other problems seem to be side-effects of the removal of the infection, the most important of which is that networking is totally broken.
All network devices in the Hardware Manager sport the dreaded yellow exclamation mark. Uninstalling the hardware device drivers for the wired and wireless networking adaptor (followed by subsequent discovery of the NICs as a new device and re-installing the driver) solves nothing. Extensive Google raids and the reading of many forum posts suggesting that I use Combofix (which I did) revealed that ndis.sys had disappeared. Re-installing a fresh ndis.sys from the XP install CD followed by a reboot resulted in a BSOD, and a cold reboot less than 2/10th of a second later, so that it's even impossible to read the BSOD text. Replacing ndis.sys with various other versions that were kicking around in the various install directories in C:\windows exhibited the same symptom. Obviously there's more wrong than just a missing ndis.sys.
The heart of the problem seems to be that either various drivers (or other networking subsystem components) have been broken or gone MIA as a side effect of the infection removal, to the point where it becomes impossible to uninstall them using regular methods. The Network Connections window in the control panel is empty, too. That means that the problem is compounded by the presence of a Novell Netware client (!) that can only be uninstalled from the Network Connections window, where it no longer appears, yet it is still very much alive and kicking. (Yes - the client has a Novell Netware 4.02 server in production. This is Africa - deal with it... )
So. I need a way to forcibly remove all broken networking components. Fire, sword, bulldozer, dynamite - whatever. Any suggestions would be greatly appreciated. This job has become a major headache... and for various reasons a re-install of XP will be an even greater pain in the interface layer between yours truly and his chair.
Could anyone point me in the right direction? Thanks!!!!
// Frank (now going to take some more aspirin)
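The post above reports that ndis.sys had vanished and that dropping in a replacement copy produced a BSOD, which suggests other networking driver files are also missing or mismatched. The following is an added illustration, not code from the post or from BleepingComputer's instructions: it audits a live drivers directory against a reference copy (for example the XP dllcache or files from the install CD) by SHA-256 and reports which expected driver files are missing, which differ from the reference, and which match. The driver list and the directory paths are assumptions; the demo builds a constructed pair of directories in a temporary folder so it runs anywhere.

```python
"""Audit a set of driver files against a reference directory.

Added example: compare the drivers a machine is actually running on
against a trusted reference copy, so a missing or altered ndis.sys-style
file shows up before a replacement is attempted blind.
"""
import hashlib
import os
import tempfile
from typing import Dict, Iterable, List

# Assumed list of XP-era networking drivers worth checking. ndis.sys is the
# file the post reports missing; the other names are assumptions.
EXPECTED_NET_DRIVERS = ["ndis.sys", "tcpip.sys", "afd.sys", "netbt.sys"]


def sha256_of(path: str) -> str:
    """Hash a file in chunks so large driver files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_driver_files(live_dir: str, reference_dir: str,
                       expected: Iterable[str] = EXPECTED_NET_DRIVERS) -> Dict[str, List[str]]:
    """Classify each expected driver as missing, mismatch, ok, or no_reference.

    live_dir      - directory the system loads drivers from (hypothetical path)
    reference_dir - trusted copy such as dllcache or an install CD (hypothetical)
    """
    report: Dict[str, List[str]] = {"missing": [], "mismatch": [], "ok": [], "no_reference": []}
    for name in expected:
        live = os.path.join(live_dir, name)
        ref = os.path.join(reference_dir, name)
        if not os.path.isfile(live):
            report["missing"].append(name)
            continue
        if not os.path.isfile(ref):
            # Present on the system but nothing trusted to compare it with.
            report["no_reference"].append(name)
            continue
        if sha256_of(live) == sha256_of(ref):
            report["ok"].append(name)
        else:
            report["mismatch"].append(name)
    return report


def demo() -> Dict[str, List[str]]:
    """Build a constructed drivers/dllcache pair and audit it.

    Constructed state: ndis.sys absent, tcpip.sys altered, the rest intact.
    The file contents are placeholder bytes standing in for real drivers.
    """
    root = tempfile.mkdtemp(prefix="driver_audit_")
    live = os.path.join(root, "drivers")
    ref = os.path.join(root, "dllcache")
    os.makedirs(live)
    os.makedirs(ref)
    for name in EXPECTED_NET_DRIVERS:
        with open(os.path.join(ref, name), "wb") as f:
            f.write(b"reference:" + name.encode())
    for name in ("afd.sys", "netbt.sys"):
        with open(os.path.join(live, name), "wb") as f:
            f.write(b"reference:" + name.encode())
    with open(os.path.join(live, "tcpip.sys"), "wb") as f:
        f.write(b"altered contents")
    return audit_driver_files(live, ref)


if __name__ == "__main__":
    for category, names in demo().items():
        print(f"{category}: {', '.join(names) or '-'}")
```

Run against real directories by calling `audit_driver_files(r"C:\WINDOWS\system32\drivers", r"C:\WINDOWS\system32\dllcache")` from a recovery environment; anything listed under `missing` or `mismatch` is a candidate for restoring as a set, rather than one file at a time, which is the situation the post describes.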