On 2014-10-30 15:23, Dustin wrote:
> Dustin wrote in
> news:XnsA3D682CC1C8A0C9X238BHEUFHHI5RJ791@192.254.233.145:
>> B00ze/Empire wrote in
>>
>>> So HOW do you remove it? If I recall, RegEdit will not let you
>>> delete the key, so what's the trick? Please tell :-)
>>
>> Hehehehe.. It's piss easy. First, stop explorer.exe, then
>> terminate all dllhost processes. Make sure you leave yourself a
>> console prompt and have sysinternals regdelnull utility. :)
>>
>> Remove the registry keys that you can with regedit, finish up by
>> running the utility I mentioned above on ALL the system hives.
>
> Just so you know, I left out one detail, so I can ask virusguy about
> it later if he chimes in trying to take credit for what I told you to
> remove the beastie. I'd asked him days ago if he knew how. I know he
> doesn't, and I know as long as I skip certain things, I can determine
> if he's figured it out on his own, or is going by what I wrote.
>
> Also, while regedit won't let you do certain things with the
> registry; the API itself as well as other apps certainly will. The
> null character issue as well as the extended ascii characters are a
> regedit.exe issue only. Blame typical MS programmers. The same people
> who told filemanager that directories don't exist if they're using
> extended ascii in their filenames are the people I suspect wrote
> regedit with the silly limits it has.
>
> The malware itself is probably one of the easiest ones I've dealt
> with in years. Even though it has no actual file-based home, it's
> very easy to remove and is not very well protected at all. One might
> even say because of the way it's loading into the system, it's
> extremely vulnerable.
Thanks! I got RegDelNull downloaded :-) What's amazing is that Windows
can actually execute registry keys, it boggles the mind. What the hell
were they thinking; Microsoft sometimes...
--
! _\|/_ Sylvain / B00ze64@hotmail.com
! (o o) Member-+-David-Suzuki-Foundation/EFF/Planetary-Society-+-
oO-( )-Oo Have you hugged your sysop lately?
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
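The removal order Dustin lays out above (stop explorer.exe, terminate every dllhost, delete what regedit will let you delete, then run RegDelNull over all the hives) as a PowerShell script. This is an added example, not code from anyone in the thread. It assumes RegDelNull.exe from Sysinternals has already been downloaded to the path in $RegDelNull, that the console is elevated, and that the hive names 'hklm' and 'hkcu' are accepted as RegDelNull's <path> argument (the Sysinternals usage text documents 'regdelnull hklm -s'; treat any other hive prefix as an assumption). Run it from a console window you keep open, since stopping explorer.exe takes the desktop with it.

```powershell
# Added example, not from the thread. Automates the removal order described
# in the post above. Assumed: RegDelNull.exe already downloaded to $RegDelNull,
# and this script is run from an elevated PowerShell console that stays open.
param(
    [string]$RegDelNull = 'C:\Tools\RegDelNull.exe'   # assumed download location
)

if (-not (Test-Path -LiteralPath $RegDelNull)) {
    throw "RegDelNull not found at $RegDelNull (download it from Sysinternals first)"
}

# Step 1: stop explorer.exe. The desktop and taskbar disappear; that is expected.
Get-Process -Name explorer -ErrorAction SilentlyContinue | Stop-Process -Force

# Step 2: terminate every dllhost process, as the post says.
Get-Process -Name dllhost -ErrorAction SilentlyContinue | Stop-Process -Force

# Step 3: manual step. Remove whatever keys regedit will let you delete now.
Write-Host 'Delete the keys regedit can handle, then press Enter to continue.'
[void](Read-Host)

# Step 4: finish with RegDelNull on each hive, recursing into subkeys (-s).
# 'hklm' is the hive name shown in the Sysinternals usage example; 'hkcu' is
# assumed to be accepted the same way. Read the tool's output: it reports every
# key with an embedded null that it finds, so check nothing unexpected is listed.
foreach ($hive in 'hklm', 'hkcu') {
    Write-Host "== RegDelNull $hive -s =="
    & $RegDelNull $hive -s
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "RegDelNull exited with code $LASTEXITCODE on $hive"
    }
}

# Step 5: bring the shell back.
Start-Process -FilePath 'explorer.exe'
```

The first run of any Sysinternals tool shows its licence prompt, so expect to click through it once. If other user profiles are loaded, their hives live under HKU rather than HKCU; add 'hku' to the loop if your copy of RegDelNull accepts that prefix (an assumption, not something the thread or the usage text confirms).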