-
December 17th, 2002, 05:32 PM
#1
Junior Member
-
December 17th, 2002, 05:42 PM
#2
trojan horses and keyloggers sometimes use the same methods for auto startup i suggest
reading the file i have attached to this message it covers some of the methods used for auto starting trojans...
-
December 17th, 2002, 05:47 PM
#3
Alternate realities celebrate reality. If you cant handle the reality your in, then you wont be able to handle the one your attempting to escape to.
-
December 17th, 2002, 05:49 PM
#4
Senior Member
hey Pablo I've got a question for you. How'd you know that it was a keylogger?
[pong][blur]Victory to Success[/blur][/pong]is only half won through the[pong][blur]Habit of Hard Work...[/blur][/pong]
-Jagfire19
-
December 17th, 2002, 05:56 PM
#5
Originally posted here by black_death
trojan horses and keyloggers sometimes use the same methods for auto startup i suggest
reading the file i have attached to this message it covers some of the methods used for auto starting trojans...
Use the above and if the problem presists shearch the registry for PFCX.EXE and delete the entries. You should also check the startup folder.
On the HD the folder the offending file is in might give you more info w/r/t where it came from. When I search google I only get 2 hits for PFCX.EXE. Both are tied to the same geocities page for VGA Planets.
Cheers,
-D
If you spend more on coffee than on IT security, you will be hacked. What\'s more, you deserve to be hacked.
-- former White House cybersecurity adviser Richard Clarke
-
December 17th, 2002, 06:00 PM
#6
Heya,
I've been playing with that Hellhackz-thing myself for a while after you posted that link. As stated by Mahakaal, it's the Soft-Central Keylogger.
Once you execute the hellhackz.exe file, it tries to contact mx1.hotmail.com to mx4.hotmail.com.
Deleting PFCX.EXE indeed is the solution. Just deleting it in Windows won't work. Deleting it in DOS won't work either (even if you remove the +r and +h attributes), so I found something else.
Just do a search for pfcx.exe (Start --> search). In Windows 2k, it is in C:\winnt\system32.
Once you found the file, ctrl-alt-del to taskmanager and kill the pfcx.exe process.
Then right-click it in the search-window, and select delete. Weird, but it works...
And of course make sure to get rid of the original hellhackz.exe
Hope this helped.
-
December 17th, 2002, 06:28 PM
#7
Then I searched for the file but it doesn't exists
Make sure that you are configured to show hidden files and folders. If the program is loading but you are unable to find it you may be set up to not show any hidden files.
If you receive something that says \'Send this to everyone you know,\' pretend you don\'t know me.
-
January 12th, 2003, 12:35 PM
#8
Banned
would "msconfig" help. when i run that i can control what starts up on my box [xp].
i know this won't slove prob but could make runnin ur pc better untill u get rid of this.
i type... run > msconfig
just a thought.
-
January 12th, 2003, 08:42 PM
#9
I've seen some of these programs also start themselves as services, so there is another place to look if you don't find anything in the usual startup places.
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
January 13th, 2003, 05:29 AM
#10
Member
well while trying to find a sollution to your problem,i would suggest you to install a firewall.then you can control the whole network trafic and prevent the program to connect to its server.then try to solve the problem.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|