Showing posts with label combofix. Show all posts

Friday, May 6, 2011

using combofix in safe mode with command prompt

I was faced with a fakealert virus yesterday that existed in safe mode also, which made cleaning it very difficult. I used the command prompt method I used a couple of weeks ago to clean it. Luckily, I was on a network - not sure I would have been able to do this on a stand-alone computer. Here were my steps:

[on the virus affected machine]
boot into safe mode with networking
log in as a domain admin
create new local administrator (on the chance that I didn't know the local admin password)

[from another machine in the network that is not infected]
from another machine on the network logged in as a domain admin
go to \\10.0.0.54\c$ (affected computer drive)
create a new folder on the root of C called malware
download newest version of combofix and copy it to \\10.0.0.54\c$\malware

[on the virus affected machine]
reboot into safe mode with command prompt
log in as local administrator
run c:\malware\combofix.exe
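The staging part of the steps above (everything done from the clean machine), as an added PowerShell example that is not from the original post: it checks that the C$ share of the affected host is reachable, verifies the downloaded tool against the vendor's published hash before and after the copy, and creates C:\malware over the share. The host address comes from the post; the local file path and the expected hash are assumptions (the hash is a placeholder to be filled in from the vendor's download page).

```powershell
# Added example, not the post's own commands. Run from an elevated PowerShell
# session on a clean, domain-joined machine while logged in as a domain admin.
param(
    [string]$Target         = '10.0.0.54',                              # affected machine (from the post)
    [string]$LocalTool      = "$env:USERPROFILE\Downloads\ComboFix.exe", # assumed download location
    [string]$ExpectedSha256 = 'PLACEHOLDER_SHA256_FROM_VENDOR_PAGE'      # placeholder, fill in from the vendor
)

$share = "\\$Target\c$"
$dest  = Join-Path $share 'malware'
$name  = Split-Path $LocalTool -Leaf

# 1. Confirm the admin share is reachable with the current (domain admin) credentials.
if (-not (Test-Path $share)) {
    throw "Cannot reach $share - check that the host is up in safe mode with networking and that you are a domain admin."
}

# 2. Verify the downloaded tool before copying it anywhere; a tampered
#    cleanup tool on an already-infected host is worse than none.
#    PowerShell's -ne is case-insensitive, so hex case does not matter.
$actual = (Get-FileHash -Path $LocalTool -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {
    throw "Hash mismatch for ${LocalTool}: got $actual"
}

# 3. Create C:\malware on the affected machine (via the share) and copy the tool there.
if (-not (Test-Path $dest)) {
    New-Item -Path $dest -ItemType Directory | Out-Null
}
Copy-Item -Path $LocalTool -Destination $dest -Force

# 4. Re-hash the remote copy so a truncated or corrupted copy over the network is caught.
$remoteHash = (Get-FileHash -Path (Join-Path $dest $name) -Algorithm SHA256).Hash
if ($remoteHash -ne $ExpectedSha256) {
    throw "Remote copy in $dest does not match the expected hash"
}

Write-Host "Staged $name in $dest. Reboot $Target into Safe Mode with Command Prompt, log in as the local administrator and run c:\malware\$name."
```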

You won't be able to install the recovery console, but in the two times I've tried this, it hasn't been a problem.

Tuesday, March 9, 2010

malware removal tools

The fakealert malware viruses are everywhere. I've managed to get rid of most of them with just two tools:

rkill - to terminate the running processes
Malwarebytes - to remove the infections

For just about every fakealert virus, I put rkill.com and mbam.exe (links above) on a flash drive and then run rkill.com on the infected computer. Then I run a Malwarebytes full scan and remove whatever it suggests.

---

The other day, I came across a machine with different symptoms - just-in-time debugging kept coming up over and over again. I fixed it with combofix, but here's also another suggested tool that I didn't have to use:

Combofix
Dr. Web CureIt

So far, I've fixed every infection I've found using some combination of these tools. I wonder when the antivirus vendors will ever get a hold on this. It's been over a year that these types of viruses have been in the wild.