- Lamebot
- Sep 8, 2005
ロボ顔菌~♡
ProjektorBoy posted:
I work for a large corporation's help desk and the occasional malware infection comes up on the computers of the people who call me. I've been able to scrub these computers clean manually by just a combination of resourcefulness, a good solid knowledge of known-good processes, and having Process Explorer at hand.
Process Explorer is great because it'll let you see every DLL file that an executable loads. Even better, it somehow is able to mark suspect DLL files in the list. It took a combination of using the sword of regsvr32 /u and being able to quickly get to certain file locations. Also there were times where I'd boot up the computer to the login screen, then go delete the bad files remotely because they attach to winlogon.exe. I've been able to defeat everything that came up at me so far.
I'm aware that nastier things are out there, but I already feel pretty competent against the current wave of shitware that's out there.
indeed, process explorer owns. helped me kill some threads attached to winlogon and lsass so i could run some tools without the drat trojan cockblocking it. customers bring in scarier poo poo every day.
Dec 30, 2008 21:47