- To: MLUG Off-Topic Discussion <EMAIL:PROTECTED>
- Subject: [MLUG - DISCUSSION] removing sticky trojans
- From: Michael <EMAIL:PROTECTED>
- Date: Wed, 05 Jul 2006 00:07:20 -0700
- Delivery-date: Wed, 05 Jul 2006 01:08:22 -0500
- Envelope-to: EMAIL:PROTECTED
- Reply-to: MLUG Off-Topic Discussion <EMAIL:PROTECTED>
- Sender: EMAIL:PROTECTED
- User-agent: Thunderbird 1.5.0.4 (Windows/20060516)

One of the Windows boxes I manage picked up a nasty dose of trojans and
spyware. I managed to get rid of all but one using normal spyware and
virus removal tools. That one didn't show up under any of the scanners
and none of them would remove it. It wouldn't show under normal process
listing programs even if they showed hidden processes. I only knew it
existed because it wouldn't let me remove it from processes run at
start-up. The file responsible looks to be called efcbayy.dll and I
didn't see it in any result when I Googled for it. It couldn't be renamed,
deleted, etc. since it was running. It seems it installs as a service
under WinLogon and protects itself. You have to use a program like
Spybot that offers process listing and killing (without protecting any
processes) and kill smss.exe, winlogon.exe, lsass.exe, and services.exe,
in that order, and then you'll be able to delete the file from
c:\windows\system32\ and after rebooting you can change your start-up
not to try to run the file.

Thought I'd mention it here for Google to find... removal help for future
sufferers of this crap. Of course the better fix is to kill your system
and install Linux instead.
_______________________________________________
discussion mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/discussion
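
An added example, not part of the original post: a PowerShell audit that lists every Winlogon notification package and the DLL it loads, so an unfamiliar entry like the one described above can be spotted from the registry side. It assumes the DLL was registered under the Winlogon Notify key, which the post does not state; the function name is hypothetical.

```powershell
# Added example: list Winlogon notification packages and the DLL each one loads.
# Assumption: the DLL is registered under the Notify key (the post does not say).
$NotifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

function Get-WinlogonNotifyDll {   # hypothetical helper name
    param([string]$KeyPath = $NotifyKey)

    if (-not (Test-Path $KeyPath)) { return }   # nothing registered under this key

    foreach ($sub in Get-ChildItem $KeyPath) {
        $dll = (Get-ItemProperty -LiteralPath $sub.PSPath).DllName
        if (-not $dll) { continue }

        # DllName may contain %variables% or be a bare name loaded from system32.
        $path = [Environment]::ExpandEnvironmentVariables($dll)
        if (-not [IO.Path]::IsPathRooted($path)) {
            $path = Join-Path (Join-Path $env:SystemRoot 'system32') $path
        }

        # -Force includes files carrying the hidden or system attribute.
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        $company = $null; $created = $null; $sig = $null
        if ($file) {
            $company = $file.VersionInfo.CompanyName
            $created = $file.CreationTime
            $sig     = (Get-AuthenticodeSignature -FilePath $path).Status
        }

        New-Object PSObject -Property @{
            Package   = $sub.PSChildName
            DllPath   = $path
            OnDisk    = [bool]$file      # false: registered but not visible on disk
            Company   = $company
            Signature = $sig
            Created   = $created
        }
    }
}

# Newest files first, so a recently dropped DLL sorts to the top.
Get-WinlogonNotifyDll | Sort-Object Created -Descending |
    Format-Table Package, DllPath, OnDisk, Company, Signature, Created -AutoSize
```

Entries whose DLL was created recently, carries no company name, or is registered but not visible on disk deserve a closer look. Winlogon notification packages are only loaded by Windows versions before Vista.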