Cleaning up after WMF exploit third party boot disc



At this point, I needed to rename or delete some files that Windows would not let me touch. I had this winlogon.exe running from a suspect directory, c:\windows\inet20001, and Windows wouldn’t let me kill it or remove its start entry in the registry. So, I booted my image from a DSL Linux CD and opted for command line only. Once booted, I navigated to mount the Windows partition and cd’d to /mnt/hda1/windows/inet20001.


Here’s what it contained: 3.00.13.dll (BHO of some sort), mm4.exe, services.exe, alg.exe, mm4.exe.bak, winlogon.exe, alg.exe.bak, mm.pid. I renamed the folder (so the files within would no longer be found and run) and moved to windows/system32, which is where some of the other pests were…

vxgame1.exe, vxgame2.exe, vxgame3.exe, vxgame6.exe, vxh8jkdq1.exe, vxh8jkdq2.exe, vxh8jkdq5.exe, vxh8jkdq6.exe, vxh8jkdq7.exe, vxgamet1.exe, vxgamet3.exe and vxgamet4.exe were all here and got renamed. I also renamed the winstall.exe file, which was still in c:\. I later came back to get the kernels64.exe (which I believe was also in c:\windows\system32).
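The tell in this cleanup was a winlogon.exe running from somewhere other than system32. As an added example (not part of the original post, and not the author's own commands), the following shell function can be run from the live CD against the mounted partition to list files that carry a system process name but sit outside windows/system32; the function name `find_masquerading` and the name list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: offline check of a mounted Windows partition for files that
# use a Windows system process name but are not directly in windows/system32.

# Names taken from the suspect folder in the post; the genuine copies of
# all three live in windows/system32.
SYSTEM_NAMES="winlogon.exe services.exe alg.exe"

# find_masquerading MOUNT_ROOT
# Prints matching paths relative to MOUNT_ROOT, one per line, sorted.
find_masquerading() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    (
        cd "$root" || exit 2
        for name in $SYSTEM_NAMES; do
            # -iname: Windows file names are case-insensitive, Linux ones are not.
            find . -type f -iname "$name" | while IFS= read -r path; do
                dir=$(dirname "$path" | tr '[:upper:]' '[:lower:]')
                case "$dir" in
                    ./windows/system32) ;;            # expected location
                    *) printf '%s\n' "${path#./}" ;;  # anywhere else: report it
                esac
            done
        done
    ) | LC_ALL=C sort
}

# Usage from the live CD, with the partition mounted as in the post:
#   sh thisfile.sh /mnt/hda1
if [ $# -gt 0 ]; then
    find_masquerading "$1"
fi
```

Legitimate backup copies, such as those Windows keeps in system32\dllcache, will also be listed, so check each hit before renaming anything.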
