#41
Shawn, you don't have to explain anything to me. Trust me, I know what I am doing. I am not going to argue with you. The reason why she or he isn't allowed to get on to explorer.exe is because the virus is starting it from when the PC starts up. If you go to the registry and change the shell from what is on there to explorer.exe, he or she will be able to get into safe mode and safe mode with networking. You have a matter of seconds until the virus loads up.
For a user to get to his flash drive he or she would have to know the drive letter of his flash drive.
That is why when I had the user do bcdedit | find "osdevice" it pointed to D.
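
The two steps mentioned in the post above (finding the Windows drive letter with bcdedit, then checking the registry shell value) can be combined in one script for the recovery command prompt. This is an added example, not part of the original post; it assumes Windows is installed in \Windows on the osdevice volume and that the shell value meant is Winlogon's Shell value in the SOFTWARE hive, and OFFSW is a mount name made up for the example.

```batch
@echo off
setlocal EnableDelayedExpansion
rem Added example: run from the recovery environment command prompt.
rem Assumptions: Windows lives in \Windows on the osdevice volume;
rem OFFSW is an arbitrary temporary mount name used only by this script.

rem 1. Find the drive letter the installed Windows received in this session.
rem    bcdedit prints a line such as "osdevice    partition=D:".
set "OSDRV="
for /f "tokens=2 delims==" %%A in ('bcdedit ^| find "osdevice" ^| find "partition="') do (
    if not defined OSDRV set "OSDRV=%%A"
)
if not defined OSDRV (
    echo Could not determine osdevice from bcdedit output.
    exit /b 1
)
echo Windows volume: %OSDRV%

rem 2. Load the offline SOFTWARE hive so it can be read without booting it.
reg load HKLM\OFFSW "%OSDRV%\Windows\System32\config\SOFTWARE" >nul
if errorlevel 1 (
    echo Could not load the SOFTWARE hive from %OSDRV%.
    exit /b 1
)

rem 3. Read the Winlogon Shell value; the Windows default is explorer.exe.
set "KEY=HKLM\OFFSW\Microsoft\Windows NT\CurrentVersion\Winlogon"
set "SHELL="
for /f "tokens=2,*" %%A in ('reg query "%KEY%" /v Shell 2^>nul ^| find "REG_"') do set "SHELL=%%B"

if /i "!SHELL!"=="explorer.exe" (
    echo Shell is the default: explorer.exe
) else (
    echo Shell is NOT the default. Current value: "!SHELL!"
    echo Record this value before changing it; it names what runs at logon.
    rem To restore the default, uncomment the next line:
    rem reg add "%KEY%" /v Shell /t REG_SZ /d explorer.exe /f
)

rem 4. Always unload the hive so the change is flushed and the file is released.
reg unload HKLM\OFFSW >nul
endlocal
```

The script only reports by default; the restore line is left commented out so the existing value can be noted first.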