That's interesting, they are widely used on Security forums generally and we don't run into complaints on Computing.Net's security forum (take a look). I've been using them on my own XP and am still doing so. Were both ADWCleaner and JRT destructive or was it just one of them? ADW gives options so you don't have to let it remove everything it finds.
I can see why they might see custom scripts as suspicious but nothing else.
The problem with trying to remove infections manually is that they have upped their game considerably over the years and there are multiple variants of every "nasty", re-spawning and hiding themselves etc. It is no longer feasible to try to combat sophisticated malware programs by hand so it has become a matter of fighting software with software. If personal scripts get removed in the process they can be readily put back.
As for RunOnce, sure you can export the registry entry containing whatever happens to be valid there for your particular software mix. This can be used to replace the contents if it changes, either manually or automatically on startup. Your script just deletes all then adds back your previously exported lines. Any new legitimate program that starts there would have to be added when necessary. I imagine you know how to do this but if not, export your RunOnce entry, post it on here, and I'll have a look at it for you.
I would emphasise though, that viruses are now written by criminal gangs. This sort of piecemeal approach is limited and something that applied to times gone by. I well remember doing so. Viruses and the like enter in various places, not just via RunOnce - the writers keep themselves well aware of our attempts to prevent them. It's a sad fact that "the bad guys are always ahead of the good guys".
Always pop back and let us know the outcome - thanks
message edited by Derek
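
The RunOnce baseline idea from the post above, as an added example that is not part of Derek's post: instead of only deleting and re-importing, this Python script parses two `.reg` exports and reports which values were added, removed or changed against the saved baseline. The HKLM key path, the sample exports and every value name in them are constructed assumptions.

```python
import re

# Assumed key; the post does not say which hive's RunOnce is meant.
RUNONCE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"

# Constructed sample exports (not from the thread): saved baseline and a later state.
BASELINE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MyCleanup"="C:\\Scripts\\cleanup.cmd"
"Updater"="\"C:\\Program Files\\ExampleApp\\update.exe\" /silent"
'''
CURRENT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Updater"="\"C:\\Program Files\\ExampleApp\\update.exe\" /quiet"
"unknown1"="C:\\Temp\\example.exe"
'''
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def unescape(s):
    """Undo .reg escaping: \\\\ becomes one backslash, \\" becomes a quote."""
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text, key=RUNONCE):
    """Return {value_name: data} for one key of a .reg export."""
    values, in_key = {}, False
    for line in text.lstrip("\ufeff").splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.strip("[]").lower() == key.lower()
        elif in_key and (m := VALUE_RE.match(line)):
            name, data = unescape(m.group(1)), m.group(2)
            # REG_SZ data is quoted; dword:/hex: data stays raw (continuation lines not joined).
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                data = unescape(data[1:-1])
            values[name] = data
    return values

def diff_runonce(baseline_text, current_text):
    base, cur = parse_reg(baseline_text), parse_reg(current_text)
    return {
        "added": {n: cur[n] for n in cur if n not in base},
        "removed": {n: base[n] for n in base if n not in cur},
        "changed": {n: (base[n], cur[n]) for n in base if n in cur and base[n] != cur[n]},
    }

if __name__ == "__main__":
    print(diff_runonce(BASELINE, CURRENT))
```

Files written by regedit's "Version 5.00" export are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text in.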