Hello, pvpers.
I've downloaded obilisko's buffer (at least he claims so). After executing the file copies itself as "firefox.exe", creates a directory in windows\system folder (the created folder is named "install") and creates an EXE there; writes to HKLM and HKCU /Software/Microsoft/Windows/CurrentVersion/Run/ a key to start this "Winupdate.exe" (which starts several times "firefox.exe" and causes exceptions on Windows 7 :p ) so that it loads when the OS starts, closes RegEdit if opened, closes MSConfig if opened, etc. etc.
Now: KID (obilisko I mean), when you (probably not you wrote this code but anyway) write such code here are some tips:
1) don't write a key to Run section of the Registry, IT'S LAME! :mad:
2) at least create a mutex of semaphor for this firefox.exe so it won't start several times. In your case IT'S LAME! :mad:
3) try to think of a more original name of the file, yours IS LAME! :mad:
Seems my kung-fu is better than yours :P
Duh, kids... when I wrote such things you've tried to crawl under the table!!! Damn kids...
Peace to all
P.S. to prove my words here are some attachments...
P.P.S for everyone who "tried" this buffer - just load the OS in safe mode and remove the keys (in HKLM and HKCU), delete the install folder in (by default) "c:\windows\system32" folder and everything (AFAIK) will be fine. I'll watch my PC for suspicious thingies, but IMO that's all.
I've downloaded obilisko's buffer (at least he claims so). After executing the file copies itself as "firefox.exe", creates a directory in windows\system folder (the created folder is named "install") and creates an EXE there; writes to HKLM and HKCU /Software/Microsoft/Windows/CurrentVersion/Run/ a key to start this "Winupdate.exe" (which starts several times "firefox.exe" and causes exceptions on Windows 7 :p ) so that it loads when the OS starts, closes RegEdit if opened, closes MSConfig if opened, etc. etc.
Now: KID (obilisko I mean), when you (probably not you wrote this code but anyway) write such code here are some tips:
1) don't write a key to Run section of the Registry, IT'S LAME! :mad:
2) at least create a mutex of semaphor for this firefox.exe so it won't start several times. In your case IT'S LAME! :mad:
3) try to think of a more original name of the file, yours IS LAME! :mad:
Seems my kung-fu is better than yours :P
Duh, kids... when I wrote such things you've tried to crawl under the table!!! Damn kids...
Peace to all
P.S. to prove my words here are some attachments...
P.P.S for everyone who "tried" this buffer - just load the OS in safe mode and remove the keys (in HKLM and HKCU), delete the install folder in (by default) "c:\windows\system32" folder and everything (AFAIK) will be fine. I'll watch my PC for suspicious thingies, but IMO that's all.