   Mischel Internet Security Forum
Topic: Zhelatin-n-Blog
redwolfe_98
Zhelatin-n-Blog
« on: Aug 20th, 2007, 1:25pm »

there has been some discussion in the misec blog about "zhelatin".. can someone tell me how "zhelatin", once it has infected a computer, manages to run? does it have a startup-regkey? in what i have read and seen about "zhelatin" i have never seen any mention of any regkeys that it uses, if it uses any.. i would like to know how it manages to run..  
 
(i guess i should have posted this in the "trojan" forum)
« Last Edit: Aug 20th, 2007, 6:02pm by redwolfe_98 »
Magnus
Re: Zhelatin-n-Blog
« Reply #1 on: Aug 20th, 2007, 6:33pm »

It actually patches (infects) the tcpip.sys driver file to autostart. So if you're infected with it, you need to replace tcpip.sys from backup when cleaning the trojan.
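An added example, not part of the original thread and not TrojanHunter's own code: because the answer above says a patched tcpip.sys has to be replaced from backup, this sketch compares a suspect copy of a driver with its backup and reports where the two PE images differ (file size, entry point, sections). The function names and the two sample images are constructed for illustration and say nothing about how Zhelatin itself modifies the file.

```python
import hashlib
import struct

def pe_summary(data: bytes) -> dict:
    """Size, entry-point RVA and per-section SHA-256 of a PE image."""
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, = struct.unpack_from("<H", data, pe + 6)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)   # SizeOfOptionalHeader
    entry, = struct.unpack_from("<I", data, pe + 40)      # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        off = pe + 24 + opt_size + 40 * i                 # section header i
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        sections.append((name, hashlib.sha256(data[raw_ptr:raw_ptr + raw_size]).hexdigest()))
    return {"size": len(data), "entry": entry, "sections": sections}

def diff_against_backup(suspect: bytes, backup: bytes) -> list:
    """List the ways the suspect image differs from the known-good backup."""
    s, b = pe_summary(suspect), pe_summary(backup)
    findings = [f"{k} {b[k]:#x} -> {s[k]:#x}" for k in ("size", "entry") if s[k] != b[k]]
    known = dict(b["sections"])
    for name, digest in s["sections"]:
        if name not in known:
            findings.append(f"new section {name!r}")
        elif known[name] != digest:
            findings.append(f"section {name!r} contents changed")
    return findings

def build_sample(entry: int, sections: list) -> bytes:
    """Constructed stand-in image for the demo, not a real driver."""
    hdr, body = bytearray(0x200), b""
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)               # e_lfanew
    struct.pack_into("<4sHHIIIHH", hdr, 0x40, b"PE\0\0", 0x14C, len(sections), 0, 0, 0, 0xE0, 0)
    struct.pack_into("<I", hdr, 0x68, entry)              # AddressOfEntryPoint
    for i, (name, raw) in enumerate(sections):
        off = 0x40 + 24 + 0xE0 + 40 * i
        hdr[off:off + len(name)] = name
        struct.pack_into("<II", hdr, off + 16, len(raw), 0x200 + len(body))
        body += raw
    return bytes(hdr) + body

GOOD = [(b".text", b"\x90" * 64), (b".data", b"\0" * 32)]  # constructed sample sections
BACKUP = build_sample(0x1000, GOOD)
SUSPECT = build_sample(0x3000, GOOD + [(b".xtra", b"\xCC" * 16)])
print(diff_against_backup(SUSPECT, BACKUP))
```

Feed it copies read from offline or otherwise trusted media, and use a backup taken from the same Windows build and service pack, otherwise every section will differ.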
redwolfe_98
Re: Zhelatin-n-Blog
« Reply #2 on: Aug 21st, 2007, 6:07pm »

thanks for the answer, magnus..