In my experience, the virus disables McAfee before McAfee knows what's going on. It truly is making me crazy. It registers a DLL and a handle and associates them with winlogon.exe and explorer.exe. You can't rename them or delete them because they are always in use, even in safe mode. When you delete their registry keys, the virus re-creates them immediately. Truly maddening. Now, I boot with a floppy boot disk and delete them through DOS. You can use Process Explorer to stop the handle association and then rename the files also, but until you've removed the handle association, it just keeps coming back.