Infopost | 2010.04.02

John McAfee MP5

I had to de-virus a computer today and since casual googling didn't turn up any results I thought I'd share the fix with the interwebs. It came from some hulu-ish site, I'm not sure of the details of how it passed as innocuous.

It installs an app that appears to be a generic-looking antivirus program. It continuously prompts you to purchase the full version from a domain called pc-fortress or something. Trying to run anything from Word to regedit results in the window being killed with a kind dialog, 'this executable is infected, want to purchase the full version?'

Bleh. That's why WinMo programmers have it so easy, MS APIs must be full of great stuff, like an interface to kill whatever OS app you feel like.

So basically you just restart in safe mode, 'cause the malware author sucks and needed Windows to start it. For me, the startup tab of msconfig had sknqxoufx, an exe located in one of the hidden user data/app data folders. The name could be randomly generated (again, no google results). With the autostart box unchecked and the directory removed, problem solved.
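The same check as the msconfig startup tab, scripted: an added example (not from the original post) that lists autostart entries whose executable sits under a per-user data folder, where the post found its randomly named exe. `Get-CommandExecutable` and the folder pattern are names and assumptions made up for this sketch.

```powershell
# Added example: flag autostart entries that launch from a per-user data folder.
# Win32_StartupCommand covers the Run registry keys and the Startup folders.

# Assumed layouts: modern (Users\<name>\AppData) and XP-era
# (Documents and Settings\<name>\Application Data or Local Settings).
$userDataPattern = '\\(Users|Documents and Settings)\\[^\\]+\\(AppData|Application Data|Local Settings)\\'

function Get-CommandExecutable {
    param([string]$Command)
    # Expand %VAR% references, then take the quoted path,
    # else everything up to the first ".exe".
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"')    { return $Matches[1] }
    if ($expanded -match '^(.+?\.exe)\b') { return $Matches[1] }
    return $expanded
}

$suspects = foreach ($entry in Get-CimInstance -ClassName Win32_StartupCommand) {
    $exe = Get-CommandExecutable $entry.Command
    if ($exe -match $userDataPattern) {
        [pscustomobject]@{
            Name     = $entry.Name
            User     = $entry.User
            Location = $entry.Location   # registry key or Startup folder holding the entry
            Exe      = $exe
            OnDisk   = Test-Path -LiteralPath $exe
        }
    }
}

$suspects | Sort-Object User, Name | Format-List
```

Plenty of legitimate software also autostarts from these folders, so the output is a list to review, not a verdict; an unrecognised name with no search results is the kind of entry to look at first.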

Other news in brief: lots of work... Malaysia GP - not a good RBR track still excited... still need lawnmower... Shred The Gnar won 3-2 on Thursday... Arthur coming into town soon... Resto Hardware duvet rather nice... header bolt fell off Duc...

tags: virus


Comments

osx ftw


osx ftw

Chris

Hate mac fanboys so much...


