Cleaning up after WMF exploit third party boot disc

At this point, I needed to rename or delete some files that Windows would not let me touch. I had this winlogon.exe running from a suspect directory, c:\windows\inet20001, and Windows wouldn't let me kill it or remove its start entry in the registry. So, I booted my image from a DSL Linux CD and opted for command line only. Once booted, I navigated to mount the Windows partition and cd'd to /mnt/hda1/windows/inet20001.

Here's what it contained: 3.00.13.dll (BHO of some sort), mm4.exe, services.exe, alg.exe, mm4.exe.bak, winlogon.exe, alg.exe.bak. I renamed the folder (so the files within would no longer be found and run) and moved to windows/system32, which is where some of the other pests were:

vxgame1.exe vxgame2.exe vxgame3.exe vxgame6.exe vxh8jkdq1.exe vxh8jkdq2.exe vxh8jkdq5.exe vxh8jkdq6.exe vxh8jkdq7.exe vxgamet1.exe vxgamet3.exe vxgamet4.exe were all here and got renamed. I also renamed the winstall.exe file, which was still in c:\. I later came back to get the kernels64.exe (which I believe was also in c:\windows\system32).
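
The renaming step described above, written as a script. This is an added example, not the author's own commands: it renames listed files in a mounted Windows directory and records a SHA-256 and the original path for each, so the change can be reviewed and reversed. The function names, the `.quarantined` suffix and the manifest format are assumptions, and it relies on GNU `find` and `sha256sum`.

```shell
#!/bin/sh
# Added example (not from the original post): offline quarantine by renaming.
# Assumes GNU find and sha256sum, and a partition already mounted read-write.

# quarantine_files DIR MANIFEST NAME...
# Renames each regular file in DIR whose name matches NAME (ignoring case,
# because Windows file names may be stored in any case) to <file>.quarantined
# and appends "sha256  original-path" to MANIFEST so the step can be undone.
quarantine_files() {
    dir=$1; manifest=$2; shift 2
    for name in "$@"; do
        find "$dir" -maxdepth 1 -type f -iname "$name" -print
    done | while IFS= read -r path; do
        [ -f "$path" ] || continue        # already renamed by an earlier match
        sum=$(sha256sum "$path" | cut -d' ' -f1)
        printf '%s  %s\n' "$sum" "$path" >> "$manifest"
        mv -- "$path" "$path.quarantined"
    done
}

# restore_files MANIFEST
# Reverses quarantine_files for every entry whose renamed copy still exists.
restore_files() {
    while read -r _sum path; do
        [ -f "$path.quarantined" ] && mv -- "$path.quarantined" "$path"
    done < "$1"
    return 0
}

# make_sample_tree: builds a constructed test directory (harmless text files,
# two of them named after entries in the post) and prints its path.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/windows/system32"
    for f in VXGAME1.EXE vxh8jkdq2.exe notepad.exe; do
        echo "constructed sample" > "$t/windows/system32/$f"
    done
    echo "$t"
}

# Run with the argument "demo" to see the effect on the constructed tree.
if [ "${1:-}" = demo ]; then
    root=$(make_sample_tree)
    quarantine_files "$root/windows/system32" "$root/manifest.txt" \
        vxgame1.exe vxh8jkdq2.exe
    ls "$root/windows/system32"; cat "$root/manifest.txt"
fi
```

Keeping the manifest outside the directory being cleaned means a file renamed by mistake can be put back with `restore_files`.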
