1

I have this weird mount icon after a trojan cleanup days ago for a client. When clicked, the icon takes you to the My Computer GUID. The file properties are Type: File, Location: C:\, Size: 6.76. If we try to delete it, the deletion will not complete. I searched the registry for a reference and couldn't find one. They ran virus removal utilities: 'combofix', sdfix, smithfraud, etc. I'm guessing this could be related (mount).

The icon in the file structure in My Computer looks similar to a device icon. When this icon is clicked, it goes back to the My Computer browser.

i77.photobucket.com/albums/j65/speedcoder/snap.jpg

How can I take this guy off?

codex73
  • Before you cleaned up did you disable System Restore? Viruses can replicate copies of themselves using that. Disable System Restore and clean up in Safe Mode to be sure you get everything. – SQLChicken May 28 '09 at 14:09
  • Exactly what happens when you try to delete it? – Adam May 28 '09 at 14:37

2 Answers

0

Try:

  • Deleting it in Safe Mode
  • Taking ownership of it
  • Running chkdsk
  • Booting from a LiveCD like SystemRescueCd or even just an Ubuntu CD and deleting it from there.
  • Working through this MS KB article
Adam
  • I'll try what was suggested. The problem is that if you open a command prompt it will not show there. It looks like a device icon but acts like a shortcut. – codex73 May 28 '09 at 14:51
  • And it goes without saying that the data on this machine should be backed up! – Adam May 28 '09 at 15:00
0

When you need to clean a system infected with malicious code:

1) Archive the user data

2) Use some other system, or at least some kind of rescue CD, to scan the data for traces of malicious code.

3) Clean install the system, including MBR on the disk. For the paranoid, re-flash BIOS code on all components.

4) Restore the scanned/cleaned user data to the rebuilt system.

In my opinion, do not waste time trying to clean a compromised system in place - with today's malicious code, e.g., rootkits, this is impossible.

pcapademic