Cleaning up after WMF exploit third party boot disc



At this point, I needed to rename or delete some files that Windows would not let me touch. I had this winlogon.exe running from a suspect directory, c:\windows\inet20001, and Windows wouldn’t let me kill it or remove its start entry in the registry. So, I booted my image from a DSL Linux CD and opted for command line only. Once booted, I navigated to mount the Windows partition and cd’d to /mnt/hda1/windows/inet20001.


Here’s what it contained: 3.00.13.dll (BHO of some sort), mm4.exe, services.exe, alg.exe, mm4.exe.bak, winlogon.exe, alg.exe.bak, mm.pid. I renamed the folder (so the files within would no longer be found and run) and moved to windows/system32, which is where some of the other pests were…

vxgame1.exe, vxgame2.exe, vxgame3.exe, vxgame6.exe, vxh8jkdq1.exe, vxh8jkdq2.exe, vxh8jkdq5.exe, vxh8jkdq6.exe, vxh8jkdq7.exe, vxgamet1.exe, vxgamet3.exe and vxgamet4.exe were all here and got renamed. I also renamed the winstall.exe file, which was still in c:\. I later came back to get the kernels64.exe (which I believe was also in c:\windows\system32).
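
The check and rename described above, as an added example that is not from the original post: it lists files that use the system process names seen in the post but sit outside windows/system32 on the mounted partition, and renames a target so its start entry no longer resolves. The function names, the `.quarantined` suffix and the sample tree are assumptions made for the example; `-iname` assumes GNU or BusyBox find.

```shell
#!/bin/sh
# Added example. Run from the live CD against the mounted Windows
# partition, e.g.: find_masquerading /mnt/hda1
# System process names are the ones listed in the post; extend as needed.
SYSTEM_NAMES="winlogon.exe services.exe alg.exe"

# Print every file under $1 that carries a system process name but does
# not live under windows/system32 (compared case-insensitively, since the
# folder is often WINDOWS on disk). Review the output before renaming:
# legitimate backup copies kept elsewhere are listed too.
find_masquerading() {
    root=${1%/}
    for name in $SYSTEM_NAMES; do
        find "$root" -type f -iname "$name" 2>/dev/null
    done | while IFS= read -r path; do
        rel=$(printf '%s\n' "${path#"$root"/}" | tr 'A-Z' 'a-z')
        case $rel in
            windows/system32/*) ;;          # expected location
            *) printf '%s\n' "$path" ;;     # anywhere else is suspect
        esac
    done
}

# Rename a file or directory in place so the path in its autostart entry
# no longer exists. Nothing is deleted, so the step can be undone.
quarantine() {
    target=${1%/}
    [ -e "$target" ] || return 1
    mv -- "$target" "$target.quarantined"
}

# Constructed sample tree standing in for /mnt/hda1 (empty files only).
build_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/WINDOWS/system32" "$t/WINDOWS/inet20001"
    for f in winlogon.exe services.exe alg.exe; do
        : > "$t/WINDOWS/system32/$f"
        : > "$t/WINDOWS/inet20001/$f"
    done
    printf '%s\n' "$t"
}
```
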
