Backdoor Optix 12

reverence

Apr 18, 2003, 7:12:41 PM
Just thought I'd share my experiences with Backdoor.optix.12

I encountered it while running Norton Antivirus, which told me I had
a file infected with Optix.12.
The file was c:\windows\winampw.exe
My mistake was in quarantining it, because once the file is removed,
no .exe files can be executed!
I was in serious trouble, but somehow I was allowed to get into an
explorer window.

From there, I created a batch file by right clicking -> New -> text
document.
(Make sure you have "Hide Known File Extensions" *Unchecked* in Folder
Options.)
Type the words "C:\windows\regedit.exe" into the text file.
Rename the file "something.bat".
Run it.
Yay! Into RegEdit.
Now, I had to go to:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
and change the value from 'winampw.exe "%1" %*' to '"%1" %*'
Now I had regained control over my system.

Finally, I ran a rescan of Norton AV, and everything was clear.


Just thought I would post this as a resource for anyone who is in a
similar situation

-the rev
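
The check the post performs by hand in RegEdit, as an added example that is not part of the original thread: it reads the text of a registry export and reports any `exefile\shell\open\command` default value that differs from the clean `"%1" %*`. The function names and both sample exports are constructed for illustration, and the export is assumed to be already decoded to a string.

```python
import re

# Clean default value of the key, as given in the post.
EXPECTED = '"%1" %*'
KEY_SUFFIX = r"\exefile\shell\open\command"

# Constructed sample exports (not captured from a real machine).
SAMPLE_HIJACKED = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="winampw.exe \"%1\" %*"
'''
SAMPLE_CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''

def unescape(s):
    # .reg string data escapes '"' and '\' with a backslash.
    return re.sub(r'\\(["\\])', r'\1', s)

def check_exefile_handler(reg_text):
    """Return (key, value, interposed_program) for each exefile open
    command whose default value differs from EXPECTED."""
    findings = []
    key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if key is None or not key.lower().endswith(KEY_SUFFIX):
            continue
        m = re.fullmatch(r'@="(.*)"', line)  # "@" is the default value
        if not m:
            continue
        value = unescape(m.group(1))
        if value != EXPECTED:
            # Anything before "%1" runs in place of the .exe that was launched.
            cut = value.find('"%1"')
            prefix = value[:cut].strip() if cut >= 0 else value
            findings.append((key, value, prefix))
    return findings

if __name__ == "__main__":
    for key, value, prog in check_exefile_handler(SAMPLE_HIJACKED):
        print(f"{key}: default is {value!r}, routed through {prog!r}")
```

Running the check before quarantining a detected file shows whether every .exe launch depends on that file, which is the situation the post describes.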

FromTheRafters

Apr 18, 2003, 8:14:52 PM

"reverence" <mattj...@hotmail.com> wrote in message news:556bb1ba.0304...@posting.google.com...

Thanks, I didn't know the batchfile would get around the
exefile thingy. Just so that you know, it is easier to rename
regedit.exe to reg.com to run it (using reg.com rather than
regedit.com also gets around some process killers targeting
regedit).


Lurker

Apr 18, 2003, 9:54:12 PM

"FromTheRafters" <!00...@nomad.fake> wrote in message
news:va159ub...@corp.supernews.com...

>
> "reverence" <mattj...@hotmail.com> wrote in message news:556bb1ba.0304...@posting.google.com...
> > Just thought I'd share my experiences with Backdoor.optix.12
> >
<snip for brevity>

> > (Make sure you have "Hide Known File Extensions" *Unchecked* in Folder
> > Options.)
> > Type the words "C:\windows\regedit.exe" into the text file.
> > Rename the file "something.bat".

<snip for brevity>


>
> it is easier to rename
> regedit.exe to reg.com
>

Better to COPY regedit.exe to "Re.com"
Do it now. Kills several birds with one large rock, and leaves all shortcuts
working meanwhile.

L
