Hi spstn
thanks for reposting that here
(please PM me the other info you had on GoBack i wouldlike to see it...it sounds interesting)
Quote:
|
2) I created the folder Sys32 in %WinDir%\Temp\ , and changed its attributes to "read only". In theory this should interfere with the execution of the worm registry entries
|
sorry, bud this won't work...i tried it but new files can still be added to read-only folders.
i wish there was a way to protect your registry in 'real time' but most programs i know of like
start-up monitor and the
Cleaner only monitor changes made to registry that involves launching programs automatically upon windows loading...usually contained in this key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run or
one of its variants like
-Run,
run services or
run once etcetera.
Thanks also Pod for the clarification about the Benjamin worm and that it is not a VBS born script virus
Ethen you seem to have a huge knowlege of these things...why do you know so much about viruses and trojans? something you'd like to tell us,,,maybe
???
So what you guys are telling me is that this virus is an
executable disguised as something else like a
mp3.exe is that what you mean by "dust"?
thanks for the info Ethen and everyone else who posted
Hey, to
TG 