I've downloaded obilisko's buffer (at least he claims so). After executing, the file copies itself as "firefox.exe", creates a directory in the windows\system folder (the created folder is named "install") and creates an EXE there; it writes to HKLM and HKCU /Software/Microsoft/Windows/CurrentVersion/Run/ a key to start this "Winupdate.exe" (which starts "firefox.exe" several times and causes exceptions on Windows 7).
Now: KID (obilisko I mean), when you (probably not you wrote this code, but anyway) write such code, here are some tips:
1) don't write a key to Run section of the Registry, IT'S LAME!
2) at least create a mutex or semaphore for this firefox.exe so it won't start several times. In your case IT'S LAME!
3) try to think of a more original name of the file, yours IS LAME!
Seems my kung-fu is better than yours :P
Duh, kids... when I wrote such things you've tried to crawl under the table!!! **** kids...
Peace to all
P.S. to prove my words here are some attachments...
P.P.S. for everyone who "tried" this buffer - just load the OS in safe mode and remove the keys (in HKLM and HKCU), delete the install folder in the (by default) "c:\windows\system32" folder and everything (AFAIK) will be fine. I'll watch my PC for suspicious thingies, but IMO that's all.
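
A read-only check for the persistence described in the post above, as an added example that is not part of the original post: it lists Run-key values in HKLM and HKCU that point into an "install" folder under the Windows system directory or launch "Winupdate.exe", and shows what is in that folder. The folder and file names come from the post; the Wow6432Node key and the SysWOW64 path are assumptions added here to cover a 32-bit program on 64-bit Windows.

```powershell
# Added example: report-only audit, nothing is deleted or modified.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    # Assumption: 32-bit registry view on 64-bit Windows (not mentioned in the post).
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# "install" folder from the post; the SysWOW64 variant is an assumption.
$suspectDirs = 'System32\install', 'SysWOW64\install' |
    ForEach-Object { Join-Path $env:windir $_ }

function Get-RunEntry {
    param([string[]]$Path)
    foreach ($key in $Path) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = [string]$item.GetValue($name)
            }
        }
    }
}

function Test-SuspectRunEntry {
    param([string]$Command, [string[]]$Dirs)
    # Expand %SystemRoot%-style variables and drop a leading quote before comparing.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).TrimStart('"')
    foreach ($dir in $Dirs) {
        if ($expanded.StartsWith("$dir\", [StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    # File name taken from the post; -match is case-insensitive by default.
    return ($expanded -match '\\Winupdate\.exe')
}

# Autostart values that match the behaviour described in the post.
Get-RunEntry -Path $runKeys |
    Where-Object { Test-SuspectRunEntry -Command $_.Command -Dirs $suspectDirs } |
    Format-List Key, Name, Command

# Contents of the dropped folder, if it exists.
$suspectDirs | Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Get-ChildItem -LiteralPath $_ -Force } |
    Select-Object FullName, Length, LastWriteTime
```

Run it from an elevated prompt so the HKLM keys and the system directory are readable; HKCU reflects only the account running the script.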






