eclipse245
Posts: 40 +0
Lately, I have opened a foul Ventrilo.exe which was backdoored. Never knew, but I do now.
On Startup, I get a Personalized Settings message top left, and in the middle of the screen I get a "Run" "Cancel" "server.exe"
In the Personalized settings box it says "C:\Windows\system32\lol\server.exe"
I tried using CMD to remove the directory and file, CMD can't find it. I can't find it either.
So I was thinking of using a ComboFix script to remove it. Except I don't know what the commands are for combofix scripts.
The combofix script is attached!