Re: can't get rid of worm
Quote:
Originally posted here by mavax
hi all,
4) I looked at hkey_local_machine\software\microsoft\windows\currentversion\run but found nothing suspicious, except maybe the 1st process, only because it has no description
Yeah - well, some of that stuff doesn't always launch from that reg key. Look @ the link!!
http://www.bleepingcomputer.com/forums/tutorial83.html
Re: Re: can't get rid of worm
Nice link you got there-
But I think Hijack This was updated to cover it? In fact I'm trying it right now and it looks like it picked up the registry areas that are covered in that link. Although- you're saying the link is about not using the registry to load services? Which one of us is confused? That whole article is entirely about the registry... Let me check again.
edit- from site
Quote:
Knowing how to diagnose a service running as a malware is an important part of fighting spyware. As more and more spyware and viruses use this technique, the understanding of how services work and are configured in the Registry will make the difference between fixing a computer and not fixing it.