Thread: One of our servers is a ZOMBIE
View Single Post
  #4  
Old 17-02-2008, 05:45
DABhand DABhand is offline
Banned
  
Join Date: Nov 2004
Location: Near my PC
Posts: 5,406
Thanks: 0
Thanked 3 Times in 3 Posts
DABhand is on a distinguished road
UPX'd dll yeah I think you found your cause. UPX as you know is the poor mans compressor :P

But have you tried to go into safemode and use regsvr32 to uninstall it and remove it. Also remove anything from the c:\windows\system32\prefetch folder also. As it may be residing in there.

Also check your startup incase there is a self executable that reinstates it.

And perhaps even use sfc /scannow to check for legit system files not being tampered with.


EDIT: Search for a lifuqyny file on your system. perhaps thats the culprit :\

There is also a reference to a %08X.dll and %s%s.bak
Last edited by DABhand; 17-02-2008 at 05:59.
Reply With Quote