I've got a client here that, for the THIRD time, has been infected with 3 different FBI viruses... This time it's the Department of Defense and I cannot use Hitman/Kickstart as it's expired. For kicks I tried it and it won't even launch in front of the virus (all three options). I have removed these viruses countless times and have run into a wall. Here is everything I have tried:
Safe mode with cmd prompt. After launching mbam, combofix, hitman, or anything for that matter, the DOD screen immediately comes up and covers the entire screen.
mbam using bootable media. Only found one PUP, which was unrelated to the DOD virus.
Manually searching through all user accounts' app data roaming folders.
Checking files/folders modified within the last 30 days; nothing comes up out of the normal as far as I saw when browsing the app data folder and Windows folder.
So my problem is I cannot run anything on the computer to remove this thing and he's needing it by tonight. I doubt I will get it back to him today. I have tried finding manual removal guides online but everything is saying to just use mbam or hitman, which I cannot.
I was ONCE able to launch Sysinternals Process Explorer and found that it was running off of svchost.exe but didn't get the location. Is this a new variant of the virus?
UPDATE: Hang on, I forgot about the old trick of using KAV win unlocker! I'll update if it fixes it or doesn't....
UPDATE 2! It looks like that has worked. I'm moving on to doing the removal.
Edited by BewareOfButtlice, 18 June 2014 - 05:07 PM.