Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

windows\system32\soft.exe

Started by dkstrader , Feb 20 2005 12:40 AM

  • This topic is locked This topic is locked

#1
dkstrader
Posted 20 February 2005 - 12:40 AM

dkstrader

    New Member

  • Member
  • Pip
  • 1 posts
I the isearch desktop bar and other malware on my computer. I finally got rid of all of it, however I deleted a file : windows\system32\soft.exe. Can anyone tell me where I can get this again? I searched my XP disks, but came up with nothing. Any help would be appreciated.

thanks
  • 0

Advertisements

#2
Guest_thatman_*
Posted 20 February 2005 - 08:53 AM

Guest_thatman_*
  • Guest
Hi dkstrader

Now why would you want to put Malware onto your system.

%sysdir%\soft.exe
Trojan Admincash.
Disables Widnows security settings.
Download additional adware components.
Adds "run" = "%System%\soft.exe" to Windows startup registry keys.
Adds the value:
"Web Service" = "%System%\[random file name].exe"
to Active Setup registry keys.
Adds the value:
"DisableSR" = "0x00000001"
to the registry subkeys:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
SystemRestore
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
SystemRestore
to disable System Restore.
Adds the value:
"EnableFirewall" = "0x00000001"
to the registry subkeys:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\WindowsFirewall\
DomainProfile
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\
DomainProfile
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\WindowsFirewall\
StandardProfile
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\
StandardProfile
to disable Windows security features.

"NoAutoUpdate" = "0x00000001"
"AUOptions" = "0x00000001"
to the registry subkeys:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\
WindowsUpdate\AU
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\
WindowsUpdate\AU
to disable Windows Auto Update.

You Must Read This Before Posting A Hijackthis Log

Please post a new HJT.Log

Kc :tazz:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP