New bad Backdoor-Proggi?
This seems to be a very bad backdoor program: it kills antivirus and firewall, makes it impossible to execute any exe files and shells except command.com under NT, and stays active after a new Windows 2k installation? I was surprised... after the third Windows install it was clean :(
Maybe someone knows it and has more info |
Hi thinkping !
You don't need to reinstall Windows. You need to follow the steps below to repair your Windows:
- Use Task Manager to kill winx32sys.exe
- Delete the two files winx32sys.exe and win386sys.exe in the WinNT\system32 directory
- Delete the two keys of winx32sys.exe in the registry: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and RunServices
- Delete the key of winx32sys.exe in win.ini: [windows] Run=c:\winnt\system32\winx32sys.exe
- Delete the key of winx32sys.exe in system.ini: [boot] Shell=Explorer.exe c:\winnt\system32\winx32sys.exe
- Repair the key of exefile in the registry: HKLM\SOFTWARE\Classes\exefile\shell\open\command: c:\winnt\system32\win386sys.exe PASS "%1" %* to "%1" %*

I used Filemon and Regmon from Sysinternals to find the actions of this backdoor program. It was written in Delphi. Good luck to you. TQN |
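The cleanup steps in the post above can be turned into a repeatable check; the following is an added example, not code from the thread. It assumes the relevant registry keys were exported as REGEDIT4 text and already decoded to a string, and the sample inputs (including the value name `ExampleName`) are constructed from the values quoted in the post.

```python
import re

EXEFILE = r"hkey_local_machine\software\classes\exefile\shell\open\command"
RUN = r"hkey_local_machine\software\microsoft\windows\currentversion\run"

def parse(text):
    """INI-style text (win.ini, system.ini, REGEDIT4 export) -> {section: {name: value}}."""
    data, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            cur = data.setdefault(line[1:-1].lower(), {})
        elif cur is not None and "=" in line and not line.startswith(";"):
            name, value = (p.strip() for p in line.split("=", 1))
            if len(value) > 1 and value[0] == '"' == value[-1]:  # .reg string value
                value = re.sub(r"\\(.)", r"\1", value[1:-1])      # unquote and unescape
            cur[name.strip('"').lower()] = value
    return data

def audit(reg_text, win_ini, system_ini):
    """Return (alerts, review): tampered settings, and autorun entries to inspect by hand."""
    reg, win, sysini = parse(reg_text), parse(win_ini), parse(system_ini)
    alerts, review = [], []
    handler = reg.get(EXEFILE, {}).get("@")
    if handler != '"%1" %*':  # the repaired value given in the post
        alerts.append(("exefile open command", handler))
    shell = sysini.get("boot", {}).get("shell", "")
    if shell and shell.lower().split() != ["explorer.exe"]:  # extra program appended
        alerts.append(("system.ini [boot] shell", shell))
    run = win.get("windows", {}).get("run", "")
    if run:
        alerts.append(("win.ini [windows] run", run))
    for key in (RUN, RUN + "services"):  # Run and RunServices
        review += [(key, name, value) for name, value in reg.get(key, {}).items()]
    return alerts, review

# Constructed sample inputs modelled on the post; "ExampleName" is a made-up value name.
SAMPLE_REG = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="c:\\winnt\\system32\\win386sys.exe PASS \"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleName"="c:\\winnt\\system32\\winx32sys.exe"
'''
SAMPLE_WIN_INI = "[windows]\nRun=c:\\winnt\\system32\\winx32sys.exe\n"
SAMPLE_SYSTEM_INI = "[boot]\nShell=Explorer.exe c:\\winnt\\system32\\winx32sys.exe\n"

if __name__ == "__main__":
    alerts, review = audit(SAMPLE_REG, SAMPLE_WIN_INI, SAMPLE_SYSTEM_INI)
    for item in alerts + review:
        print(item)
```

Every Run and RunServices entry is returned for manual review rather than flagged, since legitimate software also registers itself there.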
-
OK, thanks, that helps.
But Task Manager couldn't kill the application; I use Far (wxw.rarlab.com), a Norton Commander clone for NT. Many thanx :) |
erm..
This is by no means "new". It is an Optix Pro server by evileyesoftware.