Dear Mod/Enthusiast/Sifu,
I've got a case of virus infection dating back to last Tuesday which was spread through email with an .exe attachment entitled Princess.Diana.Killing.Revealed.exe
According to the user, she didn't even double-click on the email, just highlighted it (system on double-click settings, not single-click mode) and the attachment triggered. Some of the symptoms are:
1. Floppy drive keeps on running intermittently with or without any diskette inserted.
2. Unable to use Task Manager
3. Unable to use the Run command box
4. Unable to use Ctrl-Alt-Del for Task Manager too
5. Command prompt had been disabled by Administrator (I'm the Administrator and it was never set to disabled)
6. Any .exe (program) I try to run is terminated in a split-second blink.
7. When attempting to use Safe Mode, all 3 Safe Mode options were unsuccessful; only Boot Windows Normally was enabled.
8. Folder Options to view Hidden Files was disabled.
9. The PC is connected to a Domain and after the infection, a forced restart of the PC led to the removal of the PC from the Domain. Since logging in as a Domain user is impossible, I can only log in as Local, but the PC name had been changed to "VirusBenci". Due to the use of Malay language, and the email also being sent from a user with the email address who83@yahoo.com, I suspect that it's another Indonesian Brontok creation.
10. When a USB drive is plugged in and its content viewed, it'll infect files within and append the .exe extension to some documents within. When plugged into a healthy PC without using Autoplay or viewing under Windows Explorer, the virus will not be triggered. An attempt to view the content of the USB drive with Command Prompt didn't show any hidden files at all except when the syntax "dir /ah" is used to view files with the hidden attribute. There were 2 files shown within the infected USB key, Word.exe and autorun.inf. Using Microsoft Editor, the autorun.inf file content shows that it's pointing to the Word.exe file. The file itself has the Read-Only attribute, therefore it cannot be edited. I managed to create 2 blank text files, changed the extension and filename to the same as the 2, and overwrote the 2 virus files before deleting both safely. Somehow, I should have tried a different way, like changing the file attributes so that I can see the files and the Antivirus software would be able to detect them.
NOW I NEED SOME HELP HERE.
I planned to remove the infected HDD, use it as an external drive and perform a scan via a healthy PC. But the virus was not detected, as I suspect it's a new strain.
Also, I would like to know if there's any way I can access the registry of the OS installed on the external HDD? Where is it located and how do I edit it so that Brontok will be crippled?
Virus/Malware Virus /Rootkits Thread, Work In Progress
Dec 29 2007, 02:01 PM
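An added example, not part of the original thread, addressing the last question in the post: the registry of an OS on a removed disk lives in hive files (`Windows\System32\config\SOFTWARE`, `...\SYSTEM`, and each profile's `NTUSER.DAT`), and `reg.exe load` can attach those files under a temporary key on the clean PC so they can be inspected and edited without booting the infected system. The script assumes the infected disk is mounted as D:, that the profile is under an XP-style `Documents and Settings\<user>` path (a placeholder to replace), and uses the well-known Windows policy value names that produce symptoms 2, 3, 5 and 8 (DisableTaskMgr, NoRun, DisableCMD, NoFolderOptions); it does not know anything specific about this sample. Without `-Fix` it only reports.

```powershell
# Added example (not from the original post): inspect an offline Windows
# installation's registry hives from a clean machine and remove the policy
# values behind the symptoms listed in the thread. Run from an elevated
# PowerShell. Assumptions: infected disk mounted as D:, affected profile at
# "D:\Documents and Settings\<user>" (XP layout; Vista and later use D:\Users).
param(
    [string]$OfflineRoot = 'D:\Windows',
    [string]$UserHive    = 'D:\Documents and Settings\<user>\NTUSER.DAT',
    [switch]$Fix                      # without -Fix the script only reports
)

# Temporary key name -> hive file on the offline disk
$mounts = @{
    'HKLM\OfflineSoftware' = Join-Path $OfflineRoot 'System32\config\SOFTWARE'
    'HKLM\OfflineSystem'   = Join-Path $OfflineRoot 'System32\config\SYSTEM'
    'HKLM\OfflineUser'     = $UserHive
}

# reg.exe can attach a hive file as a subkey of HKLM on the clean machine
foreach ($m in $mounts.GetEnumerator()) {
    & reg.exe load $m.Key $m.Value | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "could not load $($m.Value)" }
}

# Standard Windows policy values whose presence disables Task Manager, the Run
# box, cmd.exe, Folder Options and regedit (value names from Windows itself,
# not from the thread).
$policies = @(
    @{ Key='HKLM:\OfflineUser\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name='DisableTaskMgr' },
    @{ Key='HKLM:\OfflineUser\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name='DisableRegistryTools' },
    @{ Key='HKLM:\OfflineUser\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name='NoRun' },
    @{ Key='HKLM:\OfflineUser\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name='NoFolderOptions' },
    @{ Key='HKLM:\OfflineUser\Software\Policies\Microsoft\Windows\System';                  Name='DisableCMD' },
    @{ Key='HKLM:\OfflineSoftware\Microsoft\Windows\CurrentVersion\Policies\System';        Name='DisableTaskMgr' },
    @{ Key='HKLM:\OfflineSoftware\Microsoft\Windows\CurrentVersion\Policies\Explorer';      Name='NoFolderOptions' }
)

try {
    foreach ($p in $policies) {
        if (-not (Test-Path $p.Key)) { continue }
        $v = Get-ItemProperty -Path $p.Key -Name $p.Name -ErrorAction SilentlyContinue
        if ($null -ne $v) {
            Write-Host ("FOUND {0}\{1} = {2}" -f $p.Key, $p.Name, $v.($p.Name))
            if ($Fix) {
                Remove-ItemProperty -Path $p.Key -Name $p.Name
                Write-Host '  removed'
            }
        }
    }

    # Programs that die "in a blink" (symptom 6) are worth checking against the
    # .exe file-type handler; the stock default value is  "%1" %*  (report only).
    $exeKey = 'HKLM:\OfflineSoftware\Classes\exefile\shell\open\command'
    $cmd = (Get-ItemProperty -Path $exeKey -ErrorAction SilentlyContinue).'(default)'
    Write-Host "exefile open command: $cmd"
    if ($cmd -ne '"%1" %*') { Write-Warning 'exefile handler is not the default value' }

    # Safe Mode that will not boot (symptom 7) is often a missing SafeBoot key
    # tree in the active control set; report whether the two modes still exist.
    $cs   = (Get-ItemProperty 'HKLM:\OfflineSystem\Select').Current
    $safe = 'HKLM:\OfflineSystem\ControlSet{0:D3}\Control\SafeBoot' -f $cs
    foreach ($mode in 'Minimal', 'Network') {
        Write-Host ("SafeBoot\{0} present: {1}" -f $mode, (Test-Path (Join-Path $safe $mode)))
    }

    # Autostart entries in both hives, listed for manual review (not deleted).
    foreach ($run in 'HKLM:\OfflineSoftware\Microsoft\Windows\CurrentVersion\Run',
                     'HKLM:\OfflineUser\Software\Microsoft\Windows\CurrentVersion\Run') {
        Write-Host "Run entries under $run"
        Get-ItemProperty -Path $run -ErrorAction SilentlyContinue |
            Select-Object * -ExcludeProperty PS* | Format-List | Out-String | Write-Host
    }
}
finally {
    # Detach the hives so the edited files are flushed back to the offline disk.
    # reg unload fails with "access denied" while PowerShell still holds key
    # handles, so force a collection first.
    [GC]::Collect()
    foreach ($k in $mounts.Keys) { & reg.exe unload $k | Out-Null }
}
```

Running it first without `-Fix` shows which of the policy values are set and whether the exefile handler and SafeBoot keys look normal; the handler and SafeBoot checks are deliberately report-only, since restoring them means rewriting a default value or a whole key tree rather than deleting one value. Copy the hive files before loading them, so a failed edit can be reverted, and scan the loaded hives' Run entries against the files on the disk before deciding what to remove.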