lwolfWe too have seen a significant increase in the number of infected machines - it is getting past both Symantec Endpoint Protection and KES/AVG9.
We worked on a laptop today where the user was NOT a member of the local admin group, yet it somehow got totally messed up with the virus.
smbtechnologyWe always go pull the hard drive from the machine in question. Then run Malwarebytes & SuperAntiSpyware with the drive plugged in to a SATA drive dock on another machine. Ensures that malware processes don't run.
To be honest, in most cases the scans is just to quantify to the client the amount of crap on the machine. We then flatten and re-install.
/SP- /VerySilent /SuppressMsgBoxes /NoCancel
billmcclWe had a PC where McAfee found and deleted Winlogon32.exe and smss32.exe but then we couldn't login due to it not cleaning up the registry. Anyone know how to get around this?