My computer got infected by "MntDrCore" virus (a.k.a. "isass.exe"). This was a new version of the virus, so my AVG didn't detect it.
Anyway, I removed it by using the following instructions, which I found on the net.
"......To remove MntDrCore.exe from your system, follow these steps.
1. Open Windows Explorer and open your pen drive. Don’t click on it to open.
2. Open command prompt and go to the pen drive, and type the following command.
3. attrib -H -S
4. Then view your pen drive, right-click and delete all newly appeared files. (There can be files like autorun.inf, autorun.ini and MntDrCore.exe.)
5. Open Task Manager by pressing ALT+CTRL+DEL.
6. Go to the Processes tab, and sort processes by name.
7. There should be two processes running, namely isass.exe and lsass.exe.
8. lsass is a system process, but isass is a process started by a virus.
9. Kill isass.exe (it really is an ass).
10. Then open the Windows registry editor (start>run>regedit).
11. Find any value having the part ‘isass.exe’.
12. If you find that value, rename the ‘isass.exe’ part to ‘isass1.exe’, so that if you mistakenly change anything you can backtrack.
13. Then go to My Computer and open a new search.
14. After entering the file to search as ‘isass.exe’, click on ‘more advanced options’.
15. Then select the ‘search hidden files and folders’ option.
16. If you find any copies of isass.exe, delete them all.
17. Now restart your machine............"
I got them all removed including the registry keys.
But now I have a problem. I cannot disable "Hide Protected System Files" in Folder Options. Once I disable it and click OK, it enables itself again.
I searched for solutions on the net and found this:
".......Go to the following registry key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
DELETE the value CheckedValue in the right window. (Its type should be REG_SZ and data should be 2.)
Now create a new DWORD value called CheckedValue (same as above, except that the type is REG_DWORD). Modify the value data to 1 (0x00000001).
This should let you change the "Hidden Files and Folders" option..........."
But it didn't work. There is no "REG_SZ" value with the name "CheckedValue".
Is there anything to do to fix the problem (apart from formatting)?
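
A read-only check of the indicators named in this thread, added here as an example and not part of the original post or the instructions it quotes: it reports whether `CheckedValue` under the SHOWALL key exists and with what type and data, and lists any autostart value or running process that refers to `isass.exe`. The two `Run` key paths and the function names are assumptions made for the example; the thread does not name them.

```powershell
# Added example: read-only audit. Nothing here writes to the registry or stops a process.
$showAll = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'

function Get-CheckedValueState {
    param([string]$Path, [string]$ValueName = 'CheckedValue')
    $state = [ordered]@{ Path = $Path; Status = ''; Kind = $null; Data = $null }
    if (-not (Test-Path -LiteralPath $Path)) {
        $state.Status = 'key missing'
        return [pscustomobject]$state
    }
    $key = Get-Item -LiteralPath $Path
    if ($key.GetValueNames() -notcontains $ValueName) {
        # Covers the case where there is no CheckedValue at all to delete.
        $state.Status = 'value missing'
        return [pscustomobject]$state
    }
    $state.Kind = $key.GetValueKind($ValueName)
    $state.Data = $key.GetValue($ValueName)
    # The quoted fix expects REG_DWORD with data 1 and treats REG_SZ as the altered form.
    if ($state.Kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and $state.Data -eq 1) {
        $state.Status = 'as expected (REG_DWORD 1)'
    } else {
        $state.Status = 'unexpected type or data'
    }
    [pscustomobject]$state
}

function Find-AutostartReference {
    param([string[]]$Paths, [string]$Needle = 'isass.exe')
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $key = Get-Item -LiteralPath $p
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            # -like is case-insensitive; "isass.exe" does not match the genuine "lsass.exe".
            if ($data -like "*$Needle*") {
                [pscustomobject]@{ Key = $p; Value = $name; Data = $data }
            }
        }
    }
}

Get-CheckedValueState -Path $showAll | Format-List
# Assumed autostart locations (not named in the thread).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
Find-AutostartReference -Paths $runKeys | Format-List
# Look-alike process: "isass" (letter i) beside the genuine "lsass" (letter L).
Get-Process -Name 'isass' -ErrorAction SilentlyContinue | Select-Object Id, Name, Path
```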


You can easily install a fresh copy of Windows without formatting the hard drive, and previous viruses will not come back with the new registry/software settings.