Ok, so I was at a LAN-party last Saturday, and one of my friends was complaining about a weird icon in his traybar. So I checked his computer deeply and found a lot of crap that I removed. But the weird icon was still there, so I clicked it and it took me to a site called "anti vermin anti virus" or something along those lines. Then it kept spamming the site.
Anyway, I found a DLL that was related to the icon and I tried to delete it, but it was attached to winlogon.exe and explorer.exe. I could of course kill the explorer process but I still could not delete the DLL since it was also attached to winlogon.exe. And if I tried to kill that process the computer would restart.
So... how do I delete such a file?
(The computer was formatted later that night because we couldn't play with that irritating icon minimizing the games. But I want to know this for future problems.)
Thanks in advance
DLL Injected into explorer.exe and winlogon.exe
"The best place to hide a tree, is in a forest"
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
hehe...that happens to many users because they still think in the Windows syntax...you find all drives in /mnt, but of course they don't have the Windows partition names, the first partition on the first drive is usually hda or hda1 (can be a little different, depends on the distro). but be aware that not all distros support write access to NTFS file systems....
- whitegabber
- On the way to fame!
- Posts: 28
- Joined: 30 Jun 2006, 16:00
- 17
pretty weird ..
coz if the dll was injected you should be able to delete the file
coz an injection is actually uploading executable .exe or .dll
code to another process memory ..
(1) open file ..
(2) read file ..
(3) store file code in writable part of other process memory
(4) create remote thread
(5) close process
(6) close file
and that's why I think it's rather weird
yeah well the DLL was used as a module as far as I know, so the process was using it, therefore rendering it impossible to delete just like that.
whitegabber wrote: pretty weird ..
coz if the dll was injected you should be able to delete the file
coz an injection is actually uploading executable .exe or .dll
code to another process memory ..
(1) open file ..
(2) read file ..
(3) store file code in writable part of other process memory
(4) create remote thread
(5) close process
(6) close file
and thats why i think it's rather weird
"The best place to hide a tree, is in a forest"
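Added example, not part of any post in this thread: a DLL loaded as a module, as described in the last post, appears in the owning process's module list and its file stays locked, so the usual cleanup is to confirm which processes hold it and queue the delete for the next boot with the Win32 `MoveFileEx` call. The path is a placeholder and the `AddedExample.FileOps` type name is made up for this sketch.

```powershell
# Added example, not code from the thread. Run from an elevated PowerShell.
param(
    [string]$DllPath = 'C:\Windows\System32\suspect-placeholder.dll',  # placeholder path
    [switch]$ScheduleDelete
)

# P/Invoke for MoveFileEx; lpNewFileName is IntPtr so a real NULL can be passed
# (PowerShell would turn $null into "" for a string parameter).
$sig = @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string lpExistingFileName, IntPtr lpNewFileName, int dwFlags);
'@
$MOVEFILE_DELAY_UNTIL_REBOOT = 0x4

# Step 1: list every process that has the file loaded as a module.
$holders = foreach ($p in Get-Process) {
    try {
        if ($p.Modules | Where-Object { $_.FileName -ieq $DllPath }) {
            [pscustomobject]@{ Id = $p.Id; Name = $p.ProcessName }
        }
    } catch {
        # Protected or already-exited processes refuse module enumeration.
    }
}
if ($holders) { $holders | Format-Table -AutoSize }
else { Write-Output "No accessible process has $DllPath loaded." }

# Step 2: queue the delete for the next boot, before the holders start again.
if ($ScheduleDelete) {
    $native = Add-Type -MemberDefinition $sig -Name FileOps -Namespace AddedExample -PassThru
    if ($native::MoveFileEx($DllPath, [IntPtr]::Zero, $MOVEFILE_DELAY_UNTIL_REBOOT)) {
        Write-Output "Queued for deletion at next reboot: $DllPath"
    } else {
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        Write-Error "MoveFileEx failed with Win32 error $err"
    }
}
```

Whatever startup entry loads the DLL has to be removed as well, or the file can be recreated or reloaded after the reboot. An empty result in step 1 while the file is still on disk fits the in-memory style of injection whitegabber describes, where the file itself is not held open.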