Redmo0n
Techalicious
- Messages
- 1,566
- Location
- Perth, Australia
I'm still waiting for you to find a really infected log for me
Please message me if you do, i would love to read it
Svchost.exe?
- Thread starter StriderZ
- Start date
- Status
I'm still waiting for you to find a really infected log for me
Please message me if you do, i would love to read it
Redmo0n
Techalicious
- Messages
- 1,566
- Location
- Perth, Australia
Ages ago i asked what was the most infected log you have seen and could you find it for me.
I still expect you to find me one
I still expect you to find me one
Hi,
i tried the delete file on reboot, but it doesn't work..
i downloaded filemon and put in SVCHOST.EXE..
and i enter the D:\ drive and it shows up like D:\WINDOWS\MDM.exe
C:\RavMon.exe D:\RavMon.exe D:\AutoRun.inf C:\AutoRun.inf and D:\WINDOWS\SVCHOST.ini.
and i think i know how i got this..yesterday my friend came over with his usb..and i took something out of the usb, my friend has this also.
i tried the delete file on reboot, but it doesn't work..
i downloaded filemon and put in SVCHOST.EXE..
and i enter the D:\ drive and it shows up like D:\WINDOWS\MDM.exe
C:\RavMon.exe D:\RavMon.exe D:\AutoRun.inf C:\AutoRun.inf and D:\WINDOWS\SVCHOST.ini.
and i think i know how i got this..yesterday my friend came over with his usb..and i took something out of the usb, my friend has this also.
Hi,
sorry for the late reply..anyway, i did that but it still comes up..every time i go to any drives.
i then did some more searching with filemon to see what happens, and theres a file called "RavMon.exe" that is in both of my drives(C: D, everytime i open C: or D:, it will execute RavMon.exe..i used HiJackThis to change the SVCHOST.EXE to NOT read-only so i can delete it with AUTOIT(www.autoitscript.com), but RavMon.exe makes a new SVCHOST.EXE everytime i open up C: or D:, so then i used AVG to delete RavMon.exe in the D: drive, but then i can't open my D: drive? it will say, "What program would you like to open D: with", but when i restore RavMon.exe to the D: drive it can open again..same thing happens with C:...
sorry for the late reply..anyway, i did that but it still comes up..every time i go to any drives.
i then did some more searching with filemon to see what happens, and theres a file called "RavMon.exe" that is in both of my drives(C: D
, everytime i open C: or D:, it will execute RavMon.exe..i used HiJackThis to change the SVCHOST.EXE to NOT read-only so i can delete it with AUTOIT(www.autoitscript.com), but RavMon.exe makes a new SVCHOST.EXE everytime i open up C: or D:, so then i used AVG to delete RavMon.exe in the D: drive, but then i can't open my D: drive? it will say, "What program would you like to open D: with", but when i restore RavMon.exe to the D: drive it can open again..same thing happens with C:...
Redmo0n
Techalicious
- Messages
- 1,566
- Location
- Perth, Australia
- Status
