#1
New bad backdoor program?
This seems to be a very bad backdoor program: it kills antivirus and firewall, makes it impossible to execute any exe files and shells except command.com under NT, and stays active after a new Windows 2000 installation? I was surprised... after the third Windows install it was clean.
Maybe someone knows it and has more info.
#2
Hi thinkping!
You don't need to reinstall Windows. You need to follow the steps below to repair your Windows:
- Use Task Manager to kill winx32sys.exe
- Delete the two files winx32sys.exe and win386sys.exe in the WinNT\system32 directory
- Delete the two winx32sys.exe values in the registry: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and RunServices
- Delete the winx32sys.exe entry in win.ini: [windows] Run=c:\winnt\system32\winx32sys.exe
- Delete the winx32sys.exe entry in system.ini: [boot] Shell=Explorer.exe c:\winnt\system32\winx32sys.exe
- Repair the exefile key in the registry: HKLM\SOFTWARE\Classes\exefile\shell\open\command, from c:\winnt\system32\win386sys.exe PASS "%1" %* back to "%1" %*
I used Filemon and Regmon from Sysinternals to trace what this backdoor program does. It was written in Delphi. Good luck to you. TQN
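The cleanup TQN describes above, as an added script that is not part of the thread: it audits the persistence points from post #2 (running process, Run/RunServices values, the win.ini and system.ini autoruns, the hijacked exefile handler, the two dropped files) and, with `-Fix`, removes them and restores `"%1" %*`. The `-Fix` switch, the use of `$env:SystemRoot` in place of the hard-coded `c:\winnt`, and report-only behaviour by default are my assumptions; the file names, registry paths and values are the ones quoted in the post.

```powershell
# Added example, not from the thread. Audits the persistence points listed in
# post #2 and, with -Fix, removes them. Assumptions: run from an elevated
# PowerShell; $env:SystemRoot is c:\winnt on Windows 2000 (c:\windows later);
# file names and values are those quoted in the post. Report-only without -Fix.
param([switch]$Fix)

$SysRoot  = $env:SystemRoot
$Bad      = 'winx32sys\.exe|win386sys\.exe'   # regex matching the two dropped files
$findings = 0

# 1. The running process. Task Manager may refuse; Stop-Process -Force usually works.
foreach ($p in @(Get-Process -Name 'winx32sys' -ErrorAction SilentlyContinue)) {
    $findings++
    Write-Output "Running process: PID $($p.Id) $($p.Path)"
    if ($Fix) { Stop-Process -Id $p.Id -Force }
}

# 2. Registry autoruns: any value under Run or RunServices that points at the dropper.
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices') {
    if (-not (Test-Path $key)) { continue }
    foreach ($v in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($v.Value -is [string] -and $v.Value -match $Bad) {
            $findings++
            Write-Output "Autorun value: $key\$($v.Name) = $($v.Value)"
            if ($Fix) { Remove-ItemProperty -Path $key -Name $v.Name }
        }
    }
}

# 3. Legacy INI autoruns that NT/2000 still honour:
#    win.ini [windows] Run=<exe>   and   system.ini [boot] Shell=Explorer.exe <exe>
function Repair-IniEntry {
    param([string]$File, [string]$Section, [string]$Key, [string]$Clean)
    if (-not (Test-Path $File)) { return }
    $lines     = @(Get-Content -Path $File)
    $inSection = $false
    $changed   = $false
    for ($i = 0; $i -lt $lines.Count; $i++) {
        if ($lines[$i] -match '^\s*\[(.+?)\]') {
            $inSection = ($Matches[1] -eq $Section)
            continue
        }
        if ($inSection -and $lines[$i] -match "^\s*$Key\s*=(.*)$") {
            $value = $Matches[1]
            if ($value -match $Bad) {
                $script:findings++
                Write-Output "INI autorun: $File [$Section] $($lines[$i])"
                $lines[$i] = "$Key=$Clean"      # restore the default entry
                $changed   = $true
            }
        }
    }
    if ($Fix -and $changed) { Set-Content -Path $File -Value $lines }
}
Repair-IniEntry -File "$SysRoot\win.ini"    -Section 'windows' -Key 'Run'   -Clean ''
Repair-IniEntry -File "$SysRoot\system.ini" -Section 'boot'    -Key 'Shell' -Clean 'Explorer.exe'

# 4. The exefile handler. Anything in front of "%1" is a wrapper that gets control
#    every time an .exe is started through the shell; the clean value is "%1" %*.
$exeKey  = 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command'
$handler = (Get-ItemProperty -Path $exeKey).'(default)'
if ($handler -ne '"%1" %*') {
    $findings++
    Write-Output "exefile handler hijacked: $handler"
    if ($Fix) { Set-ItemProperty -Path $exeKey -Name '(default)' -Value '"%1" %*' }
}

# 5. The dropped files, last: the process must be dead and the handler repaired first,
#    otherwise deleting win386sys.exe leaves every .exe launch pointing at a missing file.
foreach ($f in "$SysRoot\system32\winx32sys.exe", "$SysRoot\system32\win386sys.exe") {
    if (Test-Path $f) {
        $findings++
        Write-Output "Dropped file: $f"
        if ($Fix) { Remove-Item -Path $f -Force }
    }
}

if ($Fix) { Write-Output "$findings finding(s) cleaned" }
else      { Write-Output "$findings finding(s); rerun with -Fix to remove them" }
```

Two practical points. The exefile hijack only catches programs started through the shell (Explorer, Start/Run, ShellExecute), which is why command.com kept working in the original post; start the console you run this from in the same way, then launch the script from there. And the value the shell actually uses is the merged view under HKEY_CLASSES_ROOT, where a per-user HKCU\Software\Classes\exefile entry takes precedence over the HKLM one the post names, so if the HKLM value already reads `"%1" %*` and .exe files still will not run, check the HKCU path too.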
#3
OK, thanks, that helps.
But Task Manager couldn't kill the application; I use FAR (wxw.rarlab.com), a Norton Commander clone for NT. Many thanks.
#4
erm..
This is by no means "new". It is an Optix Pro server by evileyesoftware.