TechSpot

Vundo removal

Discussion in 'Virus and Malware Removal' started by BigKahuna, Dec 15, 2008.

Thread Status:
Not open for further replies.
  1. AaronSimpson Newcomer, in training

    Pretty much.. but that's not technically true!

    Try this DOS command:
    shutdown /?

    It will show you all the shutdown options =)

    This is a sample of how to reboot in 60 seconds, with a comment in the popup:
    shutdown -r -t 60 -c "Rebooting computer"

    To cancel, just type:
    shutdown -a


    .... remember.. DOS is your friend. It's all you ever need to keep your machine maintained.
  2. kimsland Ex-TechSpotter

    I agree
    Not only that, but depending on your default power management settings
    Press the power button momentarily on your computer
    Your computer will automatically shutdown normally
    Try it when you want to shutdown next, but don't hold the ON button in for more than 2 or 3 seconds because then it'll just turn off straight away. (and we don't want that, because it may cause corruptions, that Check Disk will need to be run, to fix it.)
  3. mflynn Newcomer, in training

    It is absolutely not just technically true!

    In order to kill Winlogon the Session manager has to be killed first!

    After Winlogon is killed.

    The only way you can shut the computer down is to power it off. Period!

    No Ctrl Alt Del!

    Winlogon is the only way to log on/off, shut down, or reboot Windows.

    I know all the shutdown switches by heart for both Microsoft and Sysinternals Shutdown.

    Run Shutdown all you want, with any switch. All logon/off and shutdown/reboot operations require the Winlogon service tree.

    Even the advanced Sysinternals shutdown will not work.

    Try it!

    Mike
  4. kimsland Ex-TechSpotter

    I can't (well, actually I haven't tried other tools, just Ctrl + Alt + Del, i.e. Task Manager).
    Anyway, after thinking about it, you're most likely correct.
    But the Power ON button should still work in shutting down the computer (as stated above), but I haven't confirmed this either.
  5. mflynn Newcomer, in training

    The less-than-4-seconds power button press only sends the same software shutdown commands that are available to Windows; it has no magic function.

    After Session Manager (Smss.exe), then Winlogon, is terminated, a power off is the only alternative.

    Mike
  6. AaronSimpson Newcomer, in training

    Let's not forget that the whole purpose of the HARD BOOT is to avoid having Vundo come back from memory.

    I know it seems like an unnecessary precaution that would have no impact - but I have tested it.

    One last thing... everything I posted above was just a specific "scenario".

    Even in the scenario that you did not have to kill ANY processes such as smss.exe, winlogon.exe, explorer.exe, etc. - you will still want to do a HARD boot - just to be safe, after rename and/or deletion.

    Next time you get a pesky infection (hopefully you don't ever).. test it.