To: cweese
Recently I dealt with a nasty bot on a friend's machine. This thing would automatically regenerate the registry entries every time I deleted them, and made it impossible to delete the .dll file that was generating the entries and popups. Finally had to reboot into Safe mode to delete the little bugger and clear the registry.
12 posted on
02/17/2004 1:31:41 PM PST by
dfwgator
To: dfwgator
Bump.
Thanks for the advice.
To: dfwgator
This thing would automatically regenerate the registry entries every time I deleted them My friend's XP box has one called "svhost.exe" that resides in C:\Windows as a hidden file. It came in via a CoolWebSearch trojan called "Googlems". I cannot get control of the C:\drive before windows does in order to delete it. The NTFS partition won't allow that.
Consequently, this executable regenerates the registry entries and everything else that you can clean out...every 10 seconds. It won't even allow you to see the Spybot S&D files in any directory they are in...it even shuts down MSIE when you visit the Spybot homepage!
I've given up and told him he'll need to find his restore disk(s) so we can wipe it clean and then patch the gaping MS Java VM hole.
77 posted on
05/26/2004 3:26:43 PM PDT by
Bloody Sam Roberts
(ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,Election '04...It's going to be a bumpy ride,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø)
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson