mywebclipboard: vundo - yet another reason java sucks big time

Monday, January 12, 2009

so my friend gets an infection with this vundo nonsense. this is why you don't let dumb family members visiting touch your computer. after removing the drive from the machine, hooking it up to my workstation, and scanning the holy hell out of it, i think it's removed.

WRONG!

turns out those bastards attrib +s +h their .dll file which kept populating entries in regedit. in this case the file was named rilalelu.dll. convinced it's buried in the HKLM\software\microsoft\windows nt\currentversion\winlogon\notify, i check again. nope, nothing but required system files.

open process explorer, look at the threads, and rilalelu is attached to every single process, from their shitty aol to winlogon, explorer, svchost, you name it, it's attached. remove the drive one final time, go into cmd, and brute force the damn thing out.

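cd windows\system32
rem /a lists hidden and system files, which a plain dir skips
dir /a rila*
rem attrib refuses to clear one of +s/+h while the other is still set, so clear both at once
attrib -s -h rilalelu.dll
del rilalelu.dll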
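
The same hunt as a repeatable check, as an added example that is not part of the original post: list every DLL in the system32 folder of an offline-mounted drive that carries both the hidden and system attributes, newest first, with a hash for lookup. The `E:` drive letter is an assumption for wherever the pulled drive is attached.

```powershell
# Added example: find DLLs marked both Hidden and System on an offline-mounted volume.
param(
    # Assumption: the suspect drive is attached to the workstation as E:
    [string]$SystemDir = 'E:\Windows\System32'
)

# Both bits must be set, matching the "attrib +s +h" trick described in the post.
$mask = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System

# -Force is required: without it Get-ChildItem skips hidden and system files,
# the same way a plain "dir" does.
Get-ChildItem -LiteralPath $SystemDir -Filter *.dll -File -Force -ErrorAction SilentlyContinue |
    Where-Object { ($_.Attributes -band $mask) -eq $mask } |
    Sort-Object LastWriteTime -Descending |
    Select-Object Name, Length, CreationTime, LastWriteTime, Attributes,
        @{ Name       = 'SHA256'
           Expression = { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash } } |
    Format-Table -AutoSize
```

Each hit is a candidate for review rather than a verdict; compare the name, timestamps and hash against a known-good install before deleting anything.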
