Disable system restore, scan and clean, reboot, scan and clean....
Thank first for your information,
Is reboot really necessary ?
From the scan and clean process, is there any hints to find out whether it was came from any one of those servers or workstation which access one of those servers. Thanks again.
Besides Andre, if any of you have such previous experience, would you mind to share here ? Thanks a lot.
It was a generic suggestion for the reboot, it nothing is pending removal on reboot you should be ok. Trojans tend to hide so they can have drivers that will only be removed on reboot.
Disabling system restore is very important to stop recurrence of certain infections. It can easily be done remotely:
strcomputer = InputBox("Please type device name to disable system restore: " )
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\default")
Set objItem = objWMIService.Get("SystemRestore")
errResults = objItem.disable("")
Thank you for your information. During reboot after first or subsequent scan, do one need to enter safe mode first ? Or normal start up will be good enough.
Safe mode is better, yes.