TechSpot

Personalized Settings Virus

By eclipse245
Apr 10, 2009
  1. Lately, I have opened a foul Ventrilo.exe which was backdoored. Never knew, but I do now.

    On Startup, I get a Personalized Settings message top left, and in the middle of the screen I get a "Run" "Cancel" "server.exe"


    In the Personalized settings box it says "C:\Windows\system32\lol\server.exe"

    I tried using CMD to remove the directory and file, but CMD can't find it. I can't find it either.

    So I was thinking of using a ComboFix script to remove it. Except I don't know what the commands are for ComboFix scripts.

    The ComboFix script is attached!
     
  2. eclipse245 TS Rookie Topic Starter Posts: 40

    WOOT.

    Got rid of it on my own.

    Used Killbox, and deleted the reg entries.
     
Topic Status:
Not open for further replies.
