Currently, I am the Antivirus Admin for our company and I have a problem that I have never run into before. I need/would like to solve this problem, in case it happens here at work on a critical system that can't be wiped and reloaded.
I have a machine at home that, due to the surfing and use habits of my children, has contracted a downloader/virus. The machine has been isolated from my network, so that is not an issue.
What is at issue is that this particular virus strain/downloader has performed the following actions on my machine:
1. Disabled the Task Manager
2. Disabled the Run line
3. Disabled my ability to run a command prompt; it closes all command-line windows as soon as they're opened.
4. Disabled the computer management console so that I can't get to the services
5. Turned off the Remote Registry service, so that I can't use RegEdit remotely or PsKill to kill processes running in the background.
6. Turned off the remote desktop services, so that I can't remote into the machine.
7. Disabled my ability to get to any of the Antivirus vendors web pages.
8. When I try to start the computer in Safe Mode, I get the BSOD.
9. Disabled my ability to download and/or run .exe files, thereby keeping me from installing or using any cleaning tools.
The virus did overlook two things: 1) Even though I couldn't get to the Symantec/McAfee/Trend Micro web pages directly, I was able to get to Trend Micro's "House Call" page, which is their online AV scanner. It found the problem, but was unable to mitigate it. 2) I can backdoor into the C: drive and place files on the desktop, and move my data files to the remote machine's HD after they have been scanned.
So... my question is this: What can I do to fix the problem and remove the virus, short of wiping the system and reloading it? Based on the information given, would I even be able to run RegEdit if I placed a shortcut to it on the desktop from the other machine?