KillBox, DllCompare, Findit.bat

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by bjgarrick, Jan 4, 2005.

  1. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Are there any tutorials on these tools for the new VX2 infections?
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Hi BJ,

    No, not really! Just look at some of the threads where we have cleaned the stuff up and you'll get the idea. You have to be careful what DLLs you delete and know what to look for in the registry keys.
     
  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I've been looking at a few and I just thought it would be a good idea to know this since it's getting pretty bad. I'm getting kind of confused using Pocket Killbox; the "replace on reboot" command has me confused. If it's bad, why do you want it replaced?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Because sometimes malware looks for certain files to exist and if they don't find them they respawn. The problem is that you cannot get all the pieces at once so you have to make the pieces that are left not realize something is removed yet.

    It's similar to using HijackThis to Fix lines in the registry. If you don't kill the processes first, as soon as you Fix the lines the running process puts them back.
     
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Oh OK, I see.
     
  6. PhilliePhan

    PhilliePhan Guest

    Hey guys,

    I just wanted to add another step that we have not been using here:

    When KillBox removes items, it places backups in a folder called !Submit. That is designed so users can send (Submit) the malware files to malware fighters like O^E for review. It is generally a good idea to have the user DELETE this folder after a fix. The !Submit folder is usually found here - C:\!Submit.


    Also, we have been seeing Qoologic accompanying the VX2 variant in many cases and this involves a few extra steps. I just cleaned these two here recently in TexasBlaze's thread, if you care to dig that one up.

    PP :)
     
    Last edited by a moderator: Jan 4, 2005
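The two points made above, that a still-running process puts autorun entries back the moment you fix them, and that KillBox leaves backups in C:\!Submit that should be removed after a fix, can be checked from a script. The following PowerShell is an added example written for this thread, not a tool from KillBox, HijackThis, or MajorGeeks: it snapshots the Run/RunOnce keys, reports any entry that reappears after a fix, confirms the process you ended is really gone, and optionally removes the !Submit folder. The function names, the choice of keys watched, and the example process and file names are assumptions for illustration.

```powershell
# Added example, not from the thread: verify that a malware fix actually held.
# Keys checked here are the common HKLM/HKCU Run and RunOnce autorun locations (an assumption;
# extend the list if the infection uses other registry persistence points).
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Snapshot every value under the watched keys as "key\valuename" -> data.
function Get-RunSnapshot {
    $snap = @{}
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the provider metadata PowerShell attaches to every registry item.
            if ($p.Name -in 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider') { continue }
            $snap["$key\$($p.Name)"] = [string]$p.Value
        }
    }
    return $snap
}

# Compare two snapshots. Take $After a little while (or one reboot) after the fix:
# anything reported as 'Added' is an entry that a surviving process put back.
function Compare-RunSnapshot {
    param([hashtable]$Before, [hashtable]$After)
    $changes = @()
    foreach ($k in $After.Keys) {
        if (-not $Before.ContainsKey($k)) {
            $changes += [pscustomobject]@{ Status = 'Added'; Entry = $k; Value = $After[$k] }
        } elseif ($Before[$k] -ne $After[$k]) {
            $changes += [pscustomobject]@{ Status = 'Changed'; Entry = $k; Value = $After[$k] }
        }
    }
    foreach ($k in $Before.Keys) {
        if (-not $After.ContainsKey($k)) {
            $changes += [pscustomobject]@{ Status = 'Removed'; Entry = $k; Value = $Before[$k] }
        }
    }
    return $changes
}

# Confirm the processes you ended (names without .exe) are not running before fixing registry lines.
function Test-ProcessStopped {
    param([string[]]$Names)
    $running = Get-Process -Name $Names -ErrorAction SilentlyContinue
    return ($null -eq $running -or @($running).Count -eq 0)
}

# Report which of the files KillBox was told to delete still exist (or came back after reboot).
function Get-SurvivingFiles {
    param([string[]]$Paths)
    return $Paths | Where-Object { Test-Path -LiteralPath $_ }
}

# Remove the KillBox backup folder the thread mentions (usually C:\!Submit) once the fix is confirmed.
function Remove-KillBoxBackups {
    param([string]$Folder = 'C:\!Submit')
    if (Test-Path -LiteralPath $Folder) {
        Remove-Item -LiteralPath $Folder -Recurse -Force
        return $true
    }
    return $false
}

# --- Usage outline (process and file names below are placeholders, not real VX2 indicators) ---
# 1. End the suspect process, then check it stayed down:
#      Test-ProcessStopped -Names @('example_malware')
# 2. Immediately after applying HijackThis fixes / KillBox deletions, take a baseline:
#      $afterFix = Get-RunSnapshot
# 3. Wait (Start-Sleep -Seconds 60) or reboot, then compare; 'Added' rows are entries that respawned:
#      Compare-RunSnapshot -Before $afterFix -After (Get-RunSnapshot) | Format-Table -AutoSize
# 4. Check that deleted files did not reappear:
#      Get-SurvivingFiles -Paths @('C:\Windows\System32\example_bad.dll')
# 5. Only when steps 3 and 4 come back empty, clear the backups:
#      Remove-KillBoxBackups
```

If step 3 keeps showing the same entry as Added, the watchdog piece is still alive; find and end that process (or set KillBox to delete its file on reboot) before repeating the registry fix, which is exactly the ordering chaslang describes above.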
