badsrc-c infection need help removing from windows

[AlexPilot]

Have a case of a bad infection of Badsrc-C which has infected a teachers laptop and she has bought into school. The process tab shows several unusuall .exe files and others running like Zero.txt blank.doc, Sophos has not been able to remove it and their sav32cli shortcut is unable to open the boot\bcd.

Looking for help in removing this virus if anyone has any great tips. Also the virus likes to infect any .exe you try to run.

[bizzel]

Grab any work you can and nuke it from orbit! Also, make sure it's fully network isolated (I'm sure you know that anyway). Maybe Bitdefender Free can sort it out?

[AyatollahPies]

Do you have a bootable PE disc such as UBCD4win or Bart's PE?

(Google them for more info)

They have anti-virus software on that should be able to help you. You boot to the disc rather than windows, so cleaning your system is far easier.

[AlexPilot]

Grab any work you can and nuke it from orbit! Also, make sure it's fully network isolated (I'm sure you know that anyway). Maybe Bitdefender Free can sort it out?

I did nuke her desktop because it was a school one and she should of saved her work to the network share. However she is not to happy about me doing it to her laptop. It may be the final option but looking at every avenue first. I will give bitdefender a try.

[Sirbendy]

Had a few of these, damn staff.

Download "IttyBitty Process Manager" to a pen, boot laptop in safe mode, run that and nuke any suss processes. I've seen things merrily hide from taskman.

Use MSCONFIG to stop any startup nonsense.

Bog off the resident AV - if it was any use it wouldn't get into that mess. I always install Avast! AV, and set for boot time scan.

Boot it, let it run through and raise eyebrows as you nuke the nasties.

If all else fails, build and boot off a PEBuilder CD, ghost the laptop HDD off to an image on the network, nuke the heap and start again, then get the AV installed and tested OK, and THEN copy the files out of the ghost image using Ghostwalker. Any nasties get nuked by the (now functional) AV.

I've lost count of the amount of machines that cross my path in a hideous /unuseable state with AV that's merrily reporting all systems go. IMO, if you can't backup your data you deserve to lose it. Not that I ever do.

[Geoff]

Avast have a boot CD you can download to scan your PC with.

avast! BART CD

[tomscaper]

I would tell her, that its to late only option is to wipe it, if she doenst like it she can go elsewhere.

I did nuke her desktop because it was a school one and she should of saved her work to the network share. However she is not to happy about me doing it to her laptop. It may be the final option but looking at every avenue first. I will give bitdefender a try.