|
Pages: [1]
|
  |
|
|
Author
|
Topic: like wtf. (Read 51 times)
|
|
tomints
CSR Veteran
Karma: +13/-9
 Offline
Gender: 
Posts: 170
 
|
 |
like wtf.
« on: May 19, 2004, 03:50:06 PM »
|
|
i got a VBS_FREELINK worm/trogjan its crazy as hell
i found all information on it..but when you type
"regedit" in run
when it appears i delete the files from hkey_current_user
hkey_local_machine
but everytime i restart like it says, it resets, but there is no save file or anything so save the registry files that i have removed.
...wtf
|
|
 Logged
|
-=M!NTs=-
"The only thing I feel after I kill a man is recoil..."
|
|
|
Fotty
Admin Team
CSR Connoisseur
Karma: +35/-10
Offline
Gender:
Posts: 840
|
|
Re:like wtf.
« Reply #1 on: May 19, 2004, 03:59:51 PM »
|
|
when you delete from the reg its gone.. thats why there is no save.. when you click delete in regedit it actually calls a system dll that deletes the entry as regedit is simply a program for displaying registry data
there is probably another registry entry somewhere (probably in the startup section) that copies the entries back in when you delete them
here are some manual removal instructions i found
Delete the Rundll.vbs file in the \windows\system directory.
Click Start | Run. Then, type regedit. Press OK.
On the left pane, go to: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current version\Run
Delete the key: Rundll=Rundll.vbs
Delete all files detected as VBS_FREELINK.
|
|
see that key "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current version\Run" is where any apps that will run when you boot windows are stored... so this virus runs each time you boot and rewrites its reg keys
|
| « Last Edit: May 19, 2004, 04:01:02 PM by Fotty » |
Logged
|
|
|
|
tomints
CSR Veteran
Karma: +13/-9
Offline
Gender:
Posts: 170
|
|
Re:like wtf.
« Reply #2 on: May 19, 2004, 04:02:27 PM »
|
|
i figured that but listen 2 this..everytime its deleted from reg...it reinstalls itself, in more hkey's
now i got it all over in all sorts of folders..
it cant be deleted..thats why i asked
its crazy
|
|
Logged
|
-=M!NTs=-
"The only thing I feel after I kill a man is recoil..."
|
|
|
Fotty
Admin Team
CSR Connoisseur
Karma: +35/-10
Offline
Gender:
Posts: 840
|
|
Re:like wtf.
« Reply #3 on: May 20, 2004, 10:45:36 AM »
|
|
http://www.trendmicro.com/download/dcs.asp
they seem to have a removal utility for this virus.. also there appears to be several variations of the script.. you don't happen to know which one you have do you?
|
|
Logged
|
|
|
|
|
Pages: [1]
|
|
|
|
|
|
CSReloaded Forums | Powered by YaBB SE
© 2001-2003, YaBB SE Dev Team. All Rights Reserved. |
|
|
