Cleaning up after WMF exploit third party boot disc

At this point, I needed to rename or delete some files that Windows would not let me touch. I had this winlogon.exe running from a suspect directory, c:\windows\inet20001, and Windows wouldn’t let me kill it or remove its start entry in the registry. So, I booted my image from a DSL Linux CD and opted for command line only. Once booted, I navigated to mount the Windows partition and cd’d to /mnt/hda1/windows/inet20001.

Here’s what it contained…. 3.00.13.dll (BHO of some sort), mm4.exe, services.exe, alg.exe, mm4.exe.bak, winlogon.exe, alg.exe.bak. I renamed the folder (so the files within would no longer be found and run) and moved to windows/system32, which is where some of the other pests were…

vxgame1.exe, vxgame2.exe, vxgame3.exe, vxgame6.exe, vxh8jkdq1.exe, vxh8jkdq2.exe, vxh8jkdq5.exe, vxh8jkdq6.exe, vxh8jkdq7.exe, vxgamet1.exe, vxgamet3.exe and vxgamet4.exe were all here and got renamed. I also renamed the winstall.exe file, which was still in c:. I later came back to get the kernels64.exe (which I believe was also in c:\windows\system32).
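The telltale sign in this cleanup was a winlogon.exe sitting outside system32. The script below is an added example, not part of the original post: run from the live CD against the mounted partition, it lists files that carry a Windows system-process name but live in an unexpected directory, and can rename them so their start entries no longer resolve. The function names, the `.quarantined` suffix and the allowed-directory list are assumptions of this example; hits are candidates for review, since other legitimate copies can exist.

```shell
#!/bin/sh
# Added example: offline check of a mounted Windows partition for files that
# reuse system-process names outside windows/system32.
# Usage (script name is hypothetical): sh find_masquerades.sh /mnt/hda1

# System-process names that also appeared in the post's suspect directory.
SYSTEM_NAMES="winlogon.exe services.exe alg.exe"

# find_masquerades ROOT
# Prints, sorted, every file under ROOT whose name matches a system process
# but whose directory is not an expected one (matching is case-insensitive).
find_masquerades() {
    root=$1
    for name in $SYSTEM_NAMES; do
        find "$root" -type f -iname "$name" 2>/dev/null
    done | while IFS= read -r path; do
        dir=$(dirname "$path")
        rel=${dir#"$root"/}                       # path relative to the mount point
        rel_lc=$(printf '%s' "$rel" | tr 'A-Z' 'a-z')
        case $rel_lc in
            # Assumed legitimate locations; extend for your Windows version.
            windows/system32|windows/system32/dllcache) ;;
            *) printf '%s\n' "$path" ;;
        esac
    done | sort
}

# quarantine_file PATH
# Renames in place instead of deleting, so the file can be restored or examined.
quarantine_file() {
    [ -f "$1" ] || return 1
    mv -- "$1" "$1.quarantined"
}

# quarantine_masquerades ROOT
# Renames every hit reported by find_masquerades and prints what was renamed.
quarantine_masquerades() {
    find_masquerades "$1" | while IFS= read -r p; do
        quarantine_file "$p" && printf 'renamed %s\n' "$p"
    done
}

# Report-only by default; call quarantine_masquerades explicitly after review.
if [ "$#" -ge 1 ]; then
    find_masquerades "$1"
fi
```

The partition has to be mounted read-write for the rename step; the listing step works on a read-only mount.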
