I have a Notebook with this virus that start on boot and close taskmanager and other application,
I've tryied with a WindowsPE to check common registry boot key but I don't find any strange key.
Now I'm trying to execute combofix at RunOnce key, and it start fine, but befor it start, the virus come up!!!
I'v made a little exe that execute combofix and I put it in RunOnce, and it is ok, it start with Windows not fully loaded,
I run combofix, but when combofix start it close my application and windows start run and the virus come!!!
There is some command line to combofix to prevent kill a process by name?
example: combofix.exe /Exclude=app.exe
Thanks in advance