I just worked on an infected computer belonging to one of my users. The virus/trojans are kinda scary. They blocked malwarebytes.org. Therefore, you cannot go to the web site to download the software. I managed to get the file downloaded on a different computer and move it over. Once I got the setup file over, I could not install it. It seemed like the trojan knew the name of the setup file. I renamed the setup file and I was able to get it to install. After installation, I could not get it to run! I figured it was the same thing: the trojan prevents the application from running. So, I changed the application's name and I was able to invoke the application. After the application was running, it failed to update the definitions. However, I was able to run the Anti-Malware and scan the computer.
You might think this is typical behaviour for trojans. What's so special about it? They are special because even in safe mode, the restrictions imposed by the trojans still persist. That means the trojans' authors have figured out some way to circumvent Windows safe mode.
Anyway, none of this would happen if you used the computer as a regular user. Remember NOT to use an admin account for any internet activities EVER.