Hi all and welcome to some more noobies!
Does anyone have experience of editing a WinXP reg file using Linux? Or
know if Knoppix can do it, away from the machine?
I am plagued by my father currently reacquiring this Trojan virus
which infects Services.exe and changes userinit.exe in the system32
folder. I get him to delete the files using dual boot and Linux, but he
baulks at editing the reg to remove the line which points to the Trojan,
like this.
<snip>
The Trojan also creates the following keys in the system registry:
[HKLM\Software\Microsoft\Serenta]
[HKLM\Software\Microsoft\Serenta\Run]
The SERVICES.EXE which is launched in a separate stream constantly
creates the following values in the system registry:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"SERVICES.EXE"="%Windir%\SERVICES.EXE"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe %Windir%\SERVICES.EXE"
"Userinit"="C:\WINDOWS\system32\userinit.exe,,%Windir%\SERVICES.EXE"
</snip>
So I am thinking if he sent me the system, sam, software files I can
remove all traces and let him put them back using his dual boot.
Only I don't use Windows any more!
Regards
Kevin Lucas
Minions Post Master(Sub) reprieved (possibly!)
Po House, Minions,
Liskeard Cornwall
PL14 5LE
01579363386
--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
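
An added example, not part of the original post: a Python check that reads a .reg-style text dump of the SOFTWARE hive and flags the Winlogon and Run values the quoted advisory describes, giving the stock Windows XP value to restore. The sample text is constructed from the values quoted in the post, and the defaults assume Windows is installed in C:\WINDOWS.

```python
import re

# Constructed sample: the values quoted in the post, laid out as .reg-style text.
SAMPLE = r'''
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"SERVICES.EXE"="%Windir%\SERVICES.EXE"
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe %Windir%\SERVICES.EXE"
"Userinit"="C:\WINDOWS\system32\userinit.exe,,%Windir%\SERVICES.EXE"
'''

WINLOGON = r"software\microsoft\windows nt\currentversion\winlogon"
RUN = r"software\microsoft\windows\currentversion\run"
# Stock Windows XP values (assumption: Windows lives in C:\WINDOWS, as in the post).
DEFAULTS = {"shell": "Explorer.exe",
            "userinit": "C:\\WINDOWS\\system32\\userinit.exe,"}
# The genuine services.exe sits in system32; one directly under the Windows directory is suspect.
SUSPECT = re.compile(r"^(%windir%|[a-z]:\\windows)\\services\.exe$", re.I)

def parse(text):
    """Yield (key, name, value) from .reg-style lines; doubled backslashes are unescaped."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'^"([^"]+)"="(.*)"$', line)
        if key and m:
            yield key, m.group(1), m.group(2).replace("\\\\", "\\")

def audit(text):
    """Return (key, name, value, fix) findings; fix is the value to restore, None means delete."""
    findings = []
    for key, name, value in parse(text):
        sub = key.split("\\", 1)[-1].lower()  # drop the HKLM / HKEY_LOCAL_MACHINE root
        if sub == WINLOGON and name.lower() in DEFAULTS:
            good = DEFAULTS[name.lower()]
            if value.strip().lower() != good.lower():
                findings.append((key, name, value, good))
        elif sub == RUN and SUSPECT.match(value.strip()):
            findings.append((key, name, value, None))
    return findings

if __name__ == "__main__":
    for key, name, value, fix in audit(SAMPLE):
        action = f'restore to "{fix}"' if fix else "delete value"
        print(f"[{key}] {name} = {value!r}: {action}")
```

The [HKLM\Software\Microsoft\Serenta] keys listed in the advisory are not checked here; their presence in the dump is itself an indicator.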