Astral Viking (kriatyrr) wrote,
Astral Viking
kriatyrr

  • Mood:
  • Music:

another amusing day at work..

Was called into the Auditorium where they had trouble printing.

The computer the printer was connected to was turned off. -_-'

But I took a look at the running processes in Task Manager, as I am wont to do, and was shocked at the sheer amount of malware. I could've sworn some of those had to be viruses, but Norton didn't react to anything, so I guess it must've been plain old spyware. (And yes, I did use EICAR to check that it was working at all)

Removing most of it was no problem at all thanks to HijackThis, but one persisted. Something called TVMedia or some such thing.. BHO, an exe and two dlls, runs at startup (entries both under CURRENT_USER and LOCAL_COMPUTER), won't be deleted (that goes for both the files and the registry entries).

Used HijackThis's lovely processes manager, which has an option to display which dll files a process is using. Not surprisingly, it was explorer.exe which used the tvmedia dll files. So I killed explorer, deleted the files, meeting no resistance this time, restarted explorer and used HijackThis to remove the entries for the now-deleted nastiness.

My winning streak against malware continues. I should spend more time on the computers in the auditorium.. I'm sure the other ones are chock full of spyware too. I just casually checked one that had been left on, and it had some gator stuff on it. How boring.
Subscribe
  • Post a new comment

    Error

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 1 comment