another pest
From: Li'l Roberto (whoisit_at_nospam.net)
Date: 12/23/04
- Next message: Max M.Wachtel III: "Re: another pest"
- Previous message: Gibraltar: "RE: PWS.hooker trogan.. cannot Delete"
- Next in thread: Max M.Wachtel III: "Re: another pest"
- Reply: Max M.Wachtel III: "Re: another pest"
- Reply: Malke: "Re: another pest"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 23 Dec 2004 19:06:00 +1030
XP Home system is infected with something [probably a trojan] but I am
unable to find the files that run at startup.
Here are the details:
msconfig shows two entries: in the startup group
1. nrkmavt.exe
2. gkbdu.exe
these two entries are also present in
HKCU - run key
HKLM - run key
both point to the C:\windows\system32\ folder, however neither file is
visible in that folder or anywere else on the system ??? even with show
all files hidden\system and protected is enabled.
Running a search with wild cards pulls up negative, delete them and
they are back next reboot so my guess is there is another file
monitering their present and recreating them , but what ?.
Scans with the usual tools comes up negative.
Any help greatly appreciated.
rgds
Li'l Roberto
- Next message: Max M.Wachtel III: "Re: another pest"
- Previous message: Gibraltar: "RE: PWS.hooker trogan.. cannot Delete"
- Next in thread: Max M.Wachtel III: "Re: another pest"
- Reply: Max M.Wachtel III: "Re: another pest"
- Reply: Malke: "Re: another pest"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
