Sunday, May 28, 2006

FARKING TROJAN!!!

I spent the entire day cleaning this nasty POS:

http://www.sophos.com/virusinfo/analyses/trojlegmirbz.html

off my dad's computer. There were SO MANY times that I thought I had NAILED the sucker to its source but it KEPT FARKING POPPING BACK UP! Safe-mode? Fucking useless nowadays. It's simply ridiculous how smart these trojans have become. It hooks into all of the most common file types in the registry and hides multiple copies of itself all over the Windows and Program Files folders. Even though you might have found one source, smss.exe under win_dir, and figured out how to kill the process to delete it, it still has like 10 copies all over the place; all of them ready to respawn all its other neighbours when you run an HTML file, use the 'find' function of Windows, start a screen saver, or even open a shortcut! Ridiculously clever how it hooks into the registry and modifies all the run commands of Windows. Ridiculously annoying to remove. I would've never been able to do it without that Sophos entry. Special mention to all the great freeware by Sysinternals.
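An added example, not part of the original post: a check for the file-type hooking described above, run over the text of a regedit export of HKEY_CLASSES_ROOT. It assumes the stock Windows open handlers for executable file classes and that the genuine smss.exe lives only under System32; the sample export is constructed.

```python
import re

# Stock handlers for executable file classes on Windows: run the file itself.
EXPECTED = {c: '"%1" %*' for c in ("exefile", "comfile", "batfile", "cmdfile", "piffile")}
EXPECTED["scrfile"] = '"%1" /S'
# Process name from the post; the genuine smss.exe lives in System32 only.
SYSTEM_NAMES = {"smss.exe"}

KEY_RE = re.compile(r'^\[HKEY_CLASSES_ROOT\\([^\\\]]+)\\shell\\open\\command\]$', re.I)
VAL_RE = re.compile(r'^@="(.*)"$')
EXE_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.exe', re.I)

def audit(reg_text):
    """Return (file class, reason, command) for each suspicious open handler."""
    findings, cls = [], None
    for line in map(str.strip, reg_text.splitlines()):
        key = KEY_RE.match(line)
        if line.startswith("["):          # any key header resets the context
            cls = key.group(1).lower() if key else None
            continue
        val = VAL_RE.match(line)          # only the key's default value matters
        if not (cls and val):
            continue
        cmd = re.sub(r'\\(.)', r'\1', val.group(1))  # undo .reg escaping
        names = [p.rsplit("\\", 1)[-1].lower() for p in EXE_RE.findall(cmd)
                 if "\\system32\\" not in p.lower()]
        if cls in EXPECTED and cmd != EXPECTED[cls]:
            findings.append((cls, "not the stock pass-through handler", cmd))
        elif SYSTEM_NAMES & set(names):
            findings.append((cls, "system process name outside System32", cmd))
    return findings

# Constructed sample in regedit export format (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINDOWS\\smss.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="C:\\WINDOWS\\smss.exe \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"
'''

if __name__ == "__main__":
    for cls, reason, cmd in audit(SAMPLE):
        print(f"{cls}: {reason}: {cmd}")
```

Regedit writes version 5.00 exports as UTF-16, so read a real export with `encoding="utf-16"` before passing its text to `audit`.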
