Checked your win.ini lately?

So, I didn't completely totally destroy that Trojan that I reported on in my last post. But before I looked at the computer and screamed, "FUCK IT, I'M GOING TO LINUX!", I went through my win.ini file through MSConfig. Mr. Scummy Virus Writer coded his virus in such a way as to have it load up in win.ini! I unchecked the offending lines, and thus two hours later, after various files deleted and numerous reboots, I think I am virus free. How this slipped past both AVG and MS Anti-Spyware is beyond me! Maybe both of those don't check win.ini, as aren't we supposed to be loading everything up in the registry anyhow?

(Update 7/1/05: No, I was NOT virus free. What you need to do is delete the offending lines, and then set win.ini to 'read-only', and then find a program called HijackThis, run it, and delete the offending lines. MAKE SURE YOU HAVE KILLED ANY AND ALL VIRUS PROCESSES FIRST! Reboot, then go delete the offending files.)
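An added example, not part of the original post: a small Python check that lists what a win.ini would start at logon, so the "offending lines" can be found without clicking through MSConfig. It assumes the standard `load=` and `run=` keys of the `[windows]` section, which the post does not name; the sample file and the program name in it are constructed.

```python
import re

# Keys in the [windows] section whose programs Windows starts at logon.
AUTOSTART_KEYS = {"load", "run"}

def winini_autostart(text):
    """Return [(line_no, key, program), ...] for load=/run= entries in [windows]."""
    findings = []
    section = None
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        header = re.fullmatch(r"\[([^\]]*)\]", line)
        if header:                                # section names are case-insensitive
            section = header.group(1).strip().lower()
            continue
        if section != "windows" or "=" not in line:
            continue                              # same key elsewhere is not an autostart
        key, value = line.split("=", 1)
        key = key.strip().lower()
        if key not in AUTOSTART_KEYS:
            continue
        # Several programs may be listed, separated by spaces or commas
        # (assumption: paths are in short form, without embedded spaces).
        for program in re.split(r"[,\s]+", value.strip()):
            if program:
                findings.append((line_no, key, program))
    return findings

# Constructed sample, not taken from the post: a win.ini with one planted entry.
SAMPLE = """\
; for 16-bit app support
[fonts]
[extensions]
[Windows]
load=
RUN=C:\\WINDOWS\\system32\\example-dropper.exe
[mci extensions]
run=ignored-outside-windows-section.exe
"""

if __name__ == "__main__":
    for line_no, key, program in winini_autostart(SAMPLE):
        print(f"line {line_no}: {key}= starts {program}")
```

On a clean system both keys are normally empty or absent, so any program reported here deserves a look.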
