The Cellar - View Single Post

Scopulus Argentarius · 02-14-2004, 10:27 PM

the nasty reinfected itself through a few inventive ways....

1. a js function exploit in an "assability' style sheet it configured for internet exploder. (internet options - accessability options-somewhere in there..one of the bottom buttons). Starting up ie would re-infect...(or at least partially boot the nasty so it could finish setting itself)

2. a hook into the default action for an exe file (would launcgh it whenever someone launched an exe).. running any program would re-infect/launch (if not already running)

3. an old time "run=something.exe" in the system.ini file along with reg entries in HKLM [& HKLU]\Software\Microsoft\Windows\Current\run ... system eboot would start it

Has anyone else found bugs that infect in suprising ways....?????

02-14-2004, 10:27 PM	#9
Scopulus Argentarius Your current user title is: Join Date: Oct 2001 Location: BTR Posts: 301	coninuted from above the nasty reinfected itself through a few inventive ways.... 1. a js function exploit in an "assability' style sheet it configured for internet exploder. (internet options - accessability options-somewhere in there..one of the bottom buttons). Starting up ie would re-infect...(or at least partially boot the nasty so it could finish setting itself) 2. a hook into the default action for an exe file (would launcgh it whenever someone launched an exe).. running any program would re-infect/launch (if not already running) 3. an old time "run=something.exe" in the system.ini file along with reg entries in HKLM [& HKLU]\Software\Microsoft\Windows\Current\run ... system eboot would start it Has anyone else found bugs that infect in suprising ways....?????