-
October 5th, 2005, 05:12 PM
#1
Junior Member
Removing "Gemini" type Restoration?
Ok, so install LOP and you'll get two iexplore.exes - now, if you remove anything, it will be restored. If you kill one, it will be restored by the other.
Thus they mutually look after each other - the only way of getting rid of this effectively is to use their uninstaller. How would it be done the manual way?
Thanks <3
-
October 5th, 2005, 05:20 PM
#2
This is one of the better explanations of LOP and its removal.
http://www.doxdesk.com/parasite/lop.html
PC Registered user # 2,336,789,457...
"When the water reaches the upper level, follow the rats."
Claude Swanson
-
October 5th, 2005, 06:13 PM
#3
Junior Member
Thank you for the link, however, with the LOP variant installed by a program such as MSG+, there is a dual IEXPLORE.EXE process which instantly restores any component that is deleted etc etc.
-
October 5th, 2005, 06:18 PM
#4
Download Process Explorer from Sysinternals.
You can kill multiple processes at one time.
http://www.sysinternals.com/Utilitie...sExplorer.html
BTW: Does it still load in safe mode? If not, then install all the necessary tools (and update them) and then remove it in safe mode.
Quitmzilla is a Firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
October 5th, 2005, 06:28 PM
#5
Have you tried using Adaware SE (http://www.lavasoftusa.com/software/adaware/)? This will clean out a lot of the LOP variant's garbage. Actually, you should try to do a complete clean of your PC with CCleaner as well (http://www.ccleaner.com/) and then use Spybot S & D (http://www.safer-networking.org/en/).
If, after you have tried these, you still have the problem, maybe you can submit a HJT log to http://forums.tomcoyote.org/index.php?showforum=27
To get the HJT app, go to http://www.tomcoyote.org/hjt/ and follow the instructions, and someone there will help you get rid of the problem.
-
October 5th, 2005, 10:43 PM
#6
This sounds rather like the classic "Robin Hood and Friar Tuck" attack.
I created a Windows program that did this (experimentally; it had no detrimental effect, wasn't intended for any malicious purpose, wasn't distributed and I didn't publish the source) about 6 years ago.
I discovered that in order to be effective, I attach debuggers to both processes, suspending them. Then I get the debuggers to kill both the (now-suspended) processes, in any order I want (they won't restart as they're both suspended).
That worked fine.
Slarty
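
The suspend-both-then-kill-both order described in post #6, as an added PowerShell example for removal work; it is not Slarty's program and is not from the thread. It swaps the debugger attach for the `NtSuspendProcess`/`NtResumeProcess` exports of ntdll (undocumented by Microsoft), and the function name `Stop-WatchdogPair` and the PIDs in the usage comment are hypothetical.

```powershell
# Added example (not from the thread). NtSuspendProcess/NtResumeProcess are
# undocumented ntdll exports, used here in place of attaching a debugger.
Add-Type -Namespace Native -Name Nt -MemberDefinition @'
[DllImport("ntdll.dll")] public static extern int NtSuspendProcess(IntPtr handle);
[DllImport("ntdll.dll")] public static extern int NtResumeProcess(IntPtr handle);
'@

function Stop-WatchdogPair {
    [CmdletBinding()]
    param([Parameter(Mandatory)][int[]]$Id)   # PIDs already confirmed as the pair

    # Resolve every PID before touching anything, so a typo cannot half-run.
    $procs = foreach ($p in $Id) { Get-Process -Id $p -ErrorAction Stop }

    # Phase 1: freeze all of them. A suspended process cannot notice that its
    # partner has gone, so nothing is respawned during phase 2.
    $frozen = @()
    foreach ($proc in $procs) {
        try   { $status = [Native.Nt]::NtSuspendProcess($proc.Handle) }
        catch { $status = -1 }                # e.g. access denied opening the handle
        if ($status -ne 0) {
            # Could not freeze this one: undo and leave everything running,
            # because killing only part of the set triggers the restore.
            foreach ($f in $frozen) { [void][Native.Nt]::NtResumeProcess($f.Handle) }
            throw ('Suspend failed for PID {0} (status 0x{1:X8}); nothing was killed.' -f $proc.Id, $status)
        }
        $frozen += $proc
    }

    # Phase 2: terminate. Everything is frozen, so the order does not matter.
    foreach ($proc in $frozen) {
        $proc.Kill()
        [pscustomobject]@{ Id = $proc.Id; Exited = $proc.WaitForExit(5000) }
    }
}

# Usage from an elevated prompt (PIDs are constructed placeholders; read the
# real ones from Task Manager or Process Explorer):
# Stop-WatchdogPair -Id 1234, 5678
```

Killing the processes only stops the mutual restore; the files and autostart entries that launch them still have to be removed afterwards, or the pair returns at the next logon.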
-
October 6th, 2005, 09:26 PM
#7
Junior Member
Ooh that sounds cool, I have little compiled programming experience so would you be so kind as to recommend the debuggers?