Replies

Recently I dealt with a nasty bot on a friend's machine. This thing would automatically regenerate the registry entries every time I deleted them, and made it impossible to delete the .dll file that was generating the entries and popups. Finally had to reboot into Safe mode to delete the little bugger and clear the registry.

This thing would automatically regenerate the registry entries every time I deleted them

My friend's XP box has one called "svhost.exe" that resides in C:\Windows as a hidden file. It came in via a CoolWebSearch trojan called "Googlems". I cannot get control of the C:\drive before windows does in order to delete it. The NTFS partition won't allow that.

Consequently, this executable regenerates the registry entries and everything else that you can clean out...every 10 seconds. It won't even allow you to see the Spybot S&D files in any directory they are in...it even shuts down MSIE when you visit the Spybot homepage!

I've given up and told him he'll need to find his restore disk(s) so we can wipe it clean and then patch the gaping MS Java VM hole.

77 posted on 05/26/2004 3:26:43 PM PDT by Bloody Sam Roberts (ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,Election '04...It's going to be a bumpy ride,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø)