Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page New bad BAckdoor-Proggi?
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 12-10-2003, 15:33
TQN TQN is offline
VIP
  
Join Date: Apr 2003
Location: Vietnam
Posts: 358
Rept. Given: 143
Rept. Rcvd 24 Times in 13 Posts
Thanks Given: 196
Thanks Rcvd at 168 Times in 51 Posts
TQN Reputation: 24
Hi thinkping !
You don't need to reinstall Windows. You need follow below steps to repair your Windows:
- Use TaskManager to kill winx32sys.exe
- Delete two file winx32sys.exe and win386sys.exe in WinNT\system32 directory
- Delete two key of winx32sys.exe in registry: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and RunServices
- Delete key of winx32sys.exe in win.ini:
[windows]
Run=c:\winnt\system32\winx32sys.exe
- Delete key of winx32sys.exe in system.ini:
[boot]
Shell=Explorer.exe c:\winnt\system32\winx32sys.exe
- Repair the key of exefile in registry:
HKLM\SOFTWARE\Classes\exefile\shell\open\command:
c:\winnt\system32\win386sys.exe PASS "%1" %*
to "%1" %*
I used filemon and regmon of SysInternal to find the action of this backdoor program. It was written in Delphi.
Good luck to you.
TQN
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT +8. The time now is 03:04.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )