How to remove the ICE virus – HiJackWare


One of my clients got this ICE virus on their computer and while there were plenty of answers out there on how to get rid of it, none of them worked for me.

The first major problem I had was that I couldn’t boot into safe mode or safe mode with networking; it would just restart the computer. I have seen this type of hijack-ware before and this was not uncommon. (I have actually seen it where they manually disable the F8 screen.)

What allowed me to fix this was being able to boot into safe mode with command prompt. Now if you’re not a computer technician, or don’t know what to do with the command prompt, stop now and call a local virus removal expert. Ask them to give you a flat rate for the virus removal, and be sure to get a guarantee that if they cannot remove it they will not charge you.

OK, now that that is said: once in the command prompt, you can open regedit and msconfig, although this did not help me. This ICE virus had embedded itself into one of the users and would not let me log on as them.

Logging on as another user didn’t get me to the areas needed to prevent it from popping up at boot.

I started out by looking in all the usual places: the documents & settings directory, local settings, application data. I deleted all of the temp folders, and renamed all the funky-looking folders I didn’t recognize. You can use the /a switch to see hidden folders and files, as in “dir /a”.

In my case the pesky little sucker was located in the My Documents directory, with a blatantly obvious name like 956ggsdasd.exe. Once I deleted the executable, I was able to boot into Windows and run Combofix.

Then just to be safe I ran a full scan with Malwarebytes to remove anything lingering behind.

As an alternative you could remove the hard drive, use a USB device to attach it to another computer and scan it with Malwarebytes. Unfortunately I haven’t had very good luck using Combofix when a drive is attached as an external device. I do like the fact that Malwarebytes allows you to choose an external drive to scan.

Once the drive has been scanned and cleaned, I would recommend running either Combofix or Malwarebytes from within the operating system to make sure there isn’t any more rootkit activity or files that were left behind.
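The manual search described above can also be done on the second computer when the drive is attached externally. This is an added example, not part of the original post: a Python script that lists every file with an executable header inside the profile data folders, hidden files included, newest first. The drive letter in the usage comment and the sample tree are constructed assumptions, and the output is a list of candidates to review, not a verdict.

```python
import os
import sys
import tempfile
import time

# Per-user folders the article searched (Windows XP profile layout); they hold data, not programs.
DATA_DIRS = ("my documents", "local settings", "application data")

def is_pe(path):
    """True if the file starts with 'MZ', the magic bytes of a Windows executable."""
    try:
        with open(path, "rb") as f:
            return f.read(2) == b"MZ"
    except OSError:          # unreadable or locked file: skip it
        return False

def find_executables(profiles_root):
    """Return (mtime, path) for each executable under a data folder of any profile, newest first."""
    hits = []
    # os.walk lists hidden files too, like "dir /a"
    for dirpath, dirnames, filenames in os.walk(profiles_root):
        parts = os.path.relpath(dirpath, profiles_root).split(os.sep)
        if parts == ["."]:
            continue                                   # root: one subfolder per user
        if len(parts) == 1:                            # a user profile: descend into data folders only
            dirnames[:] = [d for d in dirnames if d.lower() in DATA_DIRS]
            continue
        for name in filenames:
            path = os.path.join(dirpath, name)
            if is_pe(path):                            # content check, so a renamed .exe is still listed
                hits.append((os.path.getmtime(path), path))
    return sorted(hits, reverse=True)

def build_sample(root):
    """Constructed sample tree (not real data) so the script can be tried without a drive."""
    docs = os.path.join(root, "client", "My Documents")
    os.makedirs(docs)
    for name, data in (("956ggsdasd.exe", b"MZ\x90\x00"), ("letter.doc", b"\xd0\xcf\x11\xe0")):
        with open(os.path.join(docs, name), "wb") as f:
            f.write(data)

if __name__ == "__main__":
    # Usage (drive letter is an assumption): python find_profile_exes.py "E:\Documents and Settings"
    root = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) == 1:
        build_sample(root)
    for mtime, path in find_executables(root):
        print(time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime)), path)
```

Legitimate programs sometimes install under Application Data, so expect some known-good entries among the results.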

I hope you found this article useful. If you did, please leave an intelligent response below, and share it on your favorite social media channel so that others may find it as well.
