We were able to run defogger, but only because it is so quick. DDS and GMER are killed as soon as the program window appears and we're offered a chance to buy some protection from viruses.
Task manager and regedit are similarly disabled and replaced with another offer for software purchase.
Internet explorer is also hacked - web pages appear as a fake warning about unsafe browsing with an offer to purchase surfing protection.
This is a 64-bit windows XP Pro machine.
Infected user is (was?) an administrator on the machine. Running as a least-priviledged user on our network prevents access to most registry keys.
Any assistance would be greatly appreciated! Thanks for your help.
- Bob at Work
Edited by Orange Blossom, 29 June 2010 - 09:17 PM.
Moved to AII as no logs posted and prep. guide not followed. ~ OB