![biohazard](http://www.blairkennedy.com/sites/blairkennedy.com/files/biohazard.jpeg)

After work this evening, a family friend has presented me with a challenge. The challenge, which I have chosen to accept, is to clean and disinfect a brand new Toshiba Satellite L45 with the Windows 7 operating system. Once again, I continue to be floored at the rampant use of administrator rights and the reliance on UAC alone for protection within Windows.

Anyway, here is how I tackled it.

Since the symptoms are recurring after a restart, it is either a boot sector issue or part of the Windows startup sequence.

- Boot the system from a clean, trusted source. I am using the Trinity Rescue Kit v3.3. This is the version that I have handy.
- Run a ClamAV scan, ‘virusscan’, and see what happens.
- Boot into Windows safe mode
- In looking at ‘msconfig’ in Windows, there is a program named 97688846 executing from c:\ProgramData\97688846\97688846.exe. This looks like the old Security Tool trojan.
- Remove references in the registry under HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER
- Delete the files associated with the trojan.
- Reboot Windows into normal mode
- So far, so good. The system starts normally now. The next step is to update the virus tools and signatures. This will be a secondary verification that the system is clean.

The system passes a full scan with updated software and signatures. Another Security Tool trojan removed.
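
The msconfig and registry steps above can be double-checked from PowerShell. The following is an added example, not part of the original post: it only reads the Run and RunOnce keys under HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER and flags values shaped like the entry found here. The list of keys, the function name `Test-SuspectCommand` and the matching pattern are assumptions chosen for this illustration.

```powershell
# Added example (not from the original post). Read-only: lists autostart
# values and flags ones shaped like the entry seen in msconfig.
# Uses New-Object instead of [pscustomobject] so it also runs on the
# PowerShell 2.0 that ships with Windows 7.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumed heuristic, generalised from c:\ProgramData\97688846\97688846.exe:
# a digits-only folder under ProgramData holding an .exe of the same name.
# -match is case-insensitive, so C:\programdata\... is covered too.
$pattern = '\\ProgramData\\(\d+)\\\1\.exe'

function Test-SuspectCommand([string]$Command) {
    return [bool]($Command -match $pattern)
}

$results = foreach ($key in $runKeys) {
    # Wow6432Node only exists on 64-bit Windows; skip keys that are absent
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        # GetValue expands %VARIABLES%, so %ProgramData% paths match as well
        $command = [string]$regKey.GetValue($name)
        New-Object PSObject -Property @{
            Suspect = Test-SuspectCommand $command
            Key     = $key
            Name    = $name
            Command = $command
        }
    }
}

# Flagged entries first; review every row, since the pattern is only a hint
$results |
    Sort-Object -Property Suspect -Descending |
    Select-Object Suspect, Key, Name, Command |
    Format-Table -AutoSize -Wrap
```

Running it once before the cleanup and again after the reboot into normal mode shows whether the startup entry has stayed gone.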