Thufir
"Interestingly, the trojan disables a number of security utilities,
such as F-Secure's Blacklight rootkit detector and the ZoneAlarm
firewall.
Manual removal procedure:
1. Reboot Windows into Safe Mode (not Safe Mode with Networking!)
2. Delete the following files: C:\Windows\spooldr.exe and C:\Windows
\system32\drivers\spooldr.sys
3. Reboot Windows into normal mode
4. Go to Start -> Run..., type sfc.exe /scannow and click OK
5. When prompted, insert your Windows CD to restore the corrupted
tcpip.sys"
<http://blog.misec.net/tag/rootkits/>
How is this file hidden? Is the registry corrupted so that the files are
invisible? Can it only be removed from Safe Mode (no networking) or
the Recovery Console?
thanks,
Thufir
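An added post-cleanup check for the removal procedure quoted above; this script is not from the original post or from the misec.net blog. It takes only the two dropped-file paths and the tcpip.sys target from the quoted steps; the dllcache location is the Windows XP/2003 Windows File Protection store, and the hash and signature checks are generic Windows administration. The important caveat for the "how is it hidden" question: a kernel-mode rootkit that hides files hooks the same file-system and registry APIs PowerShell calls, so a clean result on a live, still-infected system proves nothing. Run it from an elevated prompt after the Safe Mode cleanup, or against the disk from a clean boot environment.

```powershell
# Added example: verify that the spooldr cleanup described in the quoted
# procedure actually took. Not part of the original post.
# Assumptions: file paths from the quoted steps; dllcache is the XP-era
# protected-file store; everything else is stock PowerShell (v2-compatible).

$suspectFiles = @(
    'C:\Windows\spooldr.exe',                   # from the quoted procedure
    'C:\Windows\system32\drivers\spooldr.sys'   # from the quoted procedure
)
$tcpip     = Join-Path $env:SystemRoot 'system32\drivers\tcpip.sys'
$protected = Join-Path $env:SystemRoot 'system32\dllcache\tcpip.sys'   # XP/2003 WFP copy

function Get-Sha256Hex([string]$Path) {
    # Get-FileHash needs PowerShell 4; .NET directly works on PowerShell 2,
    # which is what an XP-era box can run.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($sha.ComputeHash($fs))) -replace '-', '' }
    finally { $fs.Close() }
}

$findings = @()

# 1. Are the dropped files still present? (-Force also lists hidden/system files)
foreach ($p in $suspectFiles) {
    if (Test-Path -LiteralPath $p) {
        $i = Get-Item -LiteralPath $p -Force
        $findings += "still present: $p ($($i.Length) bytes, modified $($i.LastWriteTime))"
    }
}

# 2. Is there a service/driver entry that would reload the dropped driver at boot?
#    The service name is unknown, so search every entry's ImagePath for the file.
foreach ($svc in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services') {
    $img = (Get-ItemProperty -Path $svc.PSPath -ErrorAction SilentlyContinue).ImagePath
    if ($img -and ($img -match 'spooldr\.sys')) {
        $findings += "service '$($svc.PSChildName)' still references $img"
    }
}

# 3. Is tcpip.sys still the original? Compare against the protected copy when
#    the system has one, otherwise fall back to the Authenticode signature.
#    If the trojan replaced the dllcache copy too, the hashes match and this
#    check passes, which is why the sfc run against the Windows CD stays the
#    authoritative step.
if (Test-Path -LiteralPath $protected) {
    if ((Get-Sha256Hex $tcpip) -ne (Get-Sha256Hex $protected)) {
        $findings += "tcpip.sys differs from the dllcache copy"
    }
} else {
    $sig = Get-AuthenticodeSignature -FilePath $tcpip
    # Catalog-signed system files report NotSigned on PowerShell builds
    # without catalog support; treat that result as "verify by other means".
    if ($sig.Status -ne 'Valid') {
        $findings += "tcpip.sys signature status: $($sig.Status)"
    }
}

if ($findings.Count -eq 0) {
    Write-Output "No trace of the spooldr files, a driver entry for them, or a modified tcpip.sys."
} else {
    Write-Output "Findings:"
    foreach ($f in $findings) { Write-Output "  - $f" }
}
```

Because the script relies on the normal Win32 file and registry APIs, it answers the question of whether the cleanup worked, not whether a rootkit is currently hiding something; that is exactly the gap the quoted procedure closes by insisting on Safe Mode, where the malicious driver is not loaded to intercept those calls.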