|
|
#1
12-10-2003, 07:09
|
|||
|
|||
New bad BAckdoor-Proggi?
This seems to be a very bad backdoorprogramm, kills antivirus and firewall, made it unable to execute any exefiles and shells exept command.com under NT, stays aktive after new Windows2k installation? I was surprised...after the third windowsinstall it was clean
 maybe someone knows it an has more infos 
|
|
#2
12-10-2003, 15:33
|
|||
|
|||
|
Hi thinkping !
You don't need to reinstall Windows. You need follow below steps to repair your Windows: - Use TaskManager to kill winx32sys.exe - Delete two file winx32sys.exe and win386sys.exe in WinNT\system32 directory - Delete two key of winx32sys.exe in registry: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and RunServices - Delete key of winx32sys.exe in win.ini: [windows] Run=c:\winnt\system32\winx32sys.exe - Delete key of winx32sys.exe in system.ini: [boot] Shell=Explorer.exe c:\winnt\system32\winx32sys.exe - Repair the key of exefile in registry: HKLM\SOFTWARE\Classes\exefile\shell\open\command: c:\winnt\system32\win386sys.exe PASS "%1" %* to "%1" %* I used filemon and regmon of SysInternal to find the action of this backdoor program. It was written in Delphi. Good luck to you. TQN
|
|
#3
12-11-2003, 02:34
|
|||
|
|||
|
-
ok, thanks that helps.
but taskmanager couldn't killthe application, i use far (wxw.rarlab.com), a nortoncommanderclone for NT. many thanx 
|
 |
|
|
erm..
Linear Mode
