I have run into a newer variant of this infection where booting into Windows Safe Mode (with or without networking) does not work.
My previous cleaning method does not work in this situation.
So this has presented me with an opportunity to run through all of the various antivirus and antimalware boot images available in the YUMI USB boot utility.
I loaded every .ISO in the Antivirus category to my USB drive to see which ones were effective. The following are my results:
- Acronis Antimalware CD = nothing
- AOSS = nothing
- AVG Rescue CD = nothing
- AVIRA AntiVir Rescue CD = found one infected file [JAVA/Treams.HR], but still infected and cannot boot to Safe Mode
- Bitdefender Rescue Disk = found one infected file in Microsoft's Antimalware Quarantine folder
- Dr.Web Live CD = This finally worked! Found 1 infected file and 6 suspicious files, but I believe it was their 'CureRegistry' tool which allowed me to regain control and run Malwarebytes and HitmanPro.
- F-Secure Rescue CD = [did not try]
- GDATA Rescue CD = [did not try]
- Kaspersky Rescue Disk = nothing
- Panda SafeCD = [did not try]
- Trinity Rescue Kit / Clam-AV = nothing
Note: I did run updates prior to each of the various scans.
Unfortunately, once Dr.Web got me past the instant lockout on Windows boot, I was able to continue the cleanup with Malwarebytes and HitmanPro, and further testing ended.
My takeaway conclusion is that Dr.Web's CureRegistry function is what made the difference. I will start with that on the next encounter, as it would take less than 5 minutes to get back into Windows to start the cleanup.