Computer Tips -Tech Info



« | »

Cleaning up after WMF exploit third party boot disc

At this point, I needed to rename or delete some files that windows would not let me touch. I had this winlogon.exe running from a suspect directory c:windowsinet20001 and windows wouldn’t let me kill it, or remove it’s start entry in the registry. So, I booted my image from a dsl linux cd and opted for command line only. Once booted, I navigated to mount the windows partition and cd’d to /mnt/hda1/windows/inet20001


Here’s what it contained…. 3.00.13.dll (BHO of some sort), mm4.exe, services.exe, alg.exe, mm4.exe.bak, winlogon.exe, alg.exe.bak, mm.pid I renamed the folder (so the files within would no longer be found and run and moved to windows/system32 which is where some of the other pests were…

vxgame1.exe vxgame2.exe vxgame3.exe vxgame6.exe vxh8jkdq1.exe vxh8jkdq2.exe vxh8jkdq5.exe vxh8jkdq6.exe vxh8jkdq7.exe vxgamet1.exe vxgamet3.exe vxgamet4.exe were all here and got renamed. I also renamed the winstall.exe file which was still in c: I later came back to get the kernels64.exe (Which I believe was also in c:windowssystem32 )

Related Posts

Blog Traffic Exchange Related Posts Blog Traffic Exchange Related Websites
www.pdf24.org    Send article as PDF   

Posted by on December 29, 2005.

Tags: , , ,

Categories: Computers, Security, Spyware, Tech Support, Uncategorized, Viruses, Windows

« | »




Recent Posts


Pages



Switch to our desktop site