atomic_fungus (atomic_fungus) wrote,

#1830: So much for that "virus-free" stuff.

In Fungus #1826 I lamented the fact that I had found more Kodomo no Jikan online only to get several trojans in the process of reading it.

Sailor V--who is a friend from high school--pointed me (and anyone else) to though (to be fair) he made no guarantee of how safe that site was.

I am here to tell you it is not safe. It's barely safer than the one I warned against visiting.

Why? Because it gave me one of the same trojans I got from the prior site. Only this time the malware program I downloaded couldn't remove the damn thing, so I had to go remove it manually.

Wouldn't you know it? There were a good couple dozen directories in C:\ProgramData, all of which had eight-character names, all of which had create dates of either 11/27 or 11/30...the dates on which I was perusing the sites in question. Mere coincidence?

Hell no.

To get rid of this bitch you have to start the computer in the safe mode command prompt and manually delete the offending DLL. You can't get rid of it otherwise; in regular mode if you remove it from autoruns, it pops right back in there. It won't let you delete the file, and even if you manage to get around that it'll just create a new version of the file and repoint the autorun to that one.

Once you manually delete the evil DLL at the command prompt and restart, you can then remove the callout from autoruns, and it'll stay removed.
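The two indicators described above (a batch of eight-character directories under C:\ProgramData created on the browsing dates, and an autorun entry that keeps coming back) can be enumerated before rebooting into safe mode. The following PowerShell script is an added example, not the post's own code. It assumes the directories sit directly under %ProgramData%, that their names are exactly eight characters, and that the persistence is a value in the HKLM or HKCU Run/RunOnce keys (the post says "autoruns" without naming a key). The date window and root are parameters; the script only reports and deletes nothing, since the post notes the DLL can only be removed from a safe-mode command prompt.

```powershell
# Added triage script (not from the original post). Reports, does not delete.
# Assumptions: eight-character directory names directly under $Root, and
# persistence in the Run/RunOnce keys. Adjust -Start/-End to the dates in question.
param(
    [datetime]$Start = (Get-Date).AddDays(-7),
    [datetime]$End   = (Get-Date),
    [string]$Root    = $env:ProgramData
)

# 1. Top-level directories (hidden ones included, hence -Force) whose name is
#    exactly eight characters and whose creation time falls in the window.
$suspect = @(Get-ChildItem -LiteralPath $Root -Directory -Force |
    Where-Object { $_.Name.Length -eq 8 -and
                   $_.CreationTime -ge $Start -and $_.CreationTime -le $End })

Write-Host "Eight-character directories under $Root created between $Start and $End:"
$suspect | Select-Object FullName, CreationTime, Attributes | Format-Table -AutoSize

# Show what each one holds (the post's payload was a DLL with protective attributes)
foreach ($d in $suspect) {
    Get-ChildItem -LiteralPath $d.FullName -Force -File |
        Select-Object FullName, Length, Attributes, LastWriteTime | Format-Table -AutoSize
}

# 2. Cross-reference the common autorun keys for a command line that references
#    one of those directories (e.g. rundll32 C:\ProgramData\xxxxxxxx\yyyyyyyy.dll).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Get-ItemProperty adds these provider properties; they are not registry values.
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

Write-Host "Autorun values pointing into a suspect directory:"
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -in $providerProps) { continue }
        foreach ($d in $suspect) {
            if ("$($p.Value)" -like "*$($d.FullName)*") {
                [pscustomobject]@{
                    Key       = $key
                    ValueName = $p.Name
                    Command   = $p.Value
                    Directory = $d.FullName
                }
            }
        }
    }
}
```

Run it from an elevated prompt so the HKLM keys and system-attributed directories are readable. Creation timestamps are a useful first filter but can be forged, so treat an eight-character directory with a plausible date as worth a look too; the autorun cross-reference is the stronger signal, since it ties a directory to something that actually executes at logon.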

The anti-malware package will cost $40 for a year's subscription, and I think I'll go ahead with it, as you can set it up to throw an alert whenever anything tries to modify autoruns (or other critical system parameters), giving you the choice to stop the bitch before it can damage anything.

(I'm going to check out the package Wonderduck suggested first, though, just in case it's freeware.)

Anyway, I wasn't about to manually type out the commands to delete several dozen hidden directories, so I wrote a batch file I called BYTRO.BAT:
@echo off
rem BYTRO.BAT - wipe one hidden malware directory, e.g.  bytro C:\ProgramData\xxxxxxxx
if "%~1"=="" (echo usage: %~n0 directory & exit /b 1)
echo This will delete "%~1". Press Ctrl-C to abort, or any other key to continue.
pause >nul
rem strip archive/system/read-only/hidden from everything inside, subfolders included
attrib -a -s -r -h "%~1\*.*" /s /d
rem /q suppresses the "Are you sure (Y/N)?" prompt that del *.* asks
del /q /f "%~1\*.*"
rem stay outside the target: rd cannot remove the current directory; /s also takes subfolders
rd /s /q "%~1"
echo "%~1" BALEETED!
It's kind of neat how my old DOS skills still come in handy once in a while.

I didn't even plan it or anything; I just wrote it off the cuff, double-checking the logic as I wrote it. I had to edit it once to prefix "del *.*" with "echo y|", but other than that it worked flawlessly.

...when I learned DOS, typing "del *.*" and pressing the enter key meant that *.* was deleted; the DEL command didn't have "are you sure?" logic in it back then. Heh.

Anyway, so the trojan is gone, and I'm going to bed.
