Thanks!
By Gully Foyle (Tue May 25, 2004 at 10:32:09 AM EST)
So, the pr0n site redirector mentioned in my last diary turned out to be a system32.dll replacement. Thanks go especially to Cloaked User and alarmist, and also to webwench, codemonkey_uk, CrocoStimpy, yankeehack and dmg. Inside, the solution...

So, this is a new piece of malware, which none of the Ad blockers and virus checkers find yet, and which only has a brief mention in message board postings over the last weekend. I managed to find the System32.dll problem by cross-referencing DLL calls with registry accesses, and renaming files accordingly. Problem solved.

All I did was click a link in a (in hindsight not very well) disguised spam, so why do I feel like one of those guys who turns up at A&E with a tuba up his rectum, and says "I just fell on it"?

All IE shortcuts are duly removed from my desktop. Time for bed.

Thanks! | 3 comments (3 topical, 0 hidden) | Trackback
You are not alone by cam (3.00 / 0) #1 Tue May 25, 2004 at 11:26:14 AM EST
Ad-aware being run through our system the other day turned up gator. No idea how it got there. We don't use IE, only thing I can think of is my wife tried out Skype. That is from the same folks as KaZaa. I removed it in short order.

Freedom, liberty, equity and an Australian Republic

Suggestion by CrocoStimpy (6.00 / 2) #2 Tue May 25, 2004 at 05:14:48 PM EST
Do a quick writeup of the problem and solution.  Post it to an appropriate news group.  Include in the post a list of terms that someone with the same problem might search on.  You will receive the adulation of dozens.

No worries by Cloaked User (3.00 / 0) #3 Wed May 26, 2004 at 07:09:02 AM EST
Apart from the arguments to dir, which only took a minute to work out, it was all stuff I knew anyway; and what's the good of knowledge if you can't share it with people?

This is not a psychotic episode. It is a cleansing moment of clarity.