prasannavigneshr
08-01-2007, 04:25 AM
Re: next genera virus - vista

Yes... the virus is an additional ADS stream tacked onto \system32. It is not a separate file.

I don't know what version of Vista you have, but I have Ultimate, which is really helpful with its Boot recovery code. I also don't know if ordinary Notepad will work, as I used Notepad2, which was pre-installed on my system. What I did was to open the file: system32:Lzx32.sys.

Notepad2 actually opened the virus. I cut the virus and then saved the file STREAM. LADS is not actually needed once you know what the file is.

If your version of Notepad won't work and if you can't install Notepad2 on a UFD drive, then write a simple program in VB6 or C++ that opens system32:Lzx32.sys, writes "" into it and then closes the file. That's all there is to it.
__________________
Prasanna Vignesh
MCPD | Web Developer
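Added example, not part of the original post: a small C program for the "open the stream, write nothing, close it" cleanup described above. It lists the streams on a path before and after emptying one. The helper name ads_path and the command-line form are assumptions of this example, and the stream is left in place with zero length rather than deleted.

```c
#define _WIN32_WINNT 0x0600   /* FindFirstStreamW needs Vista or later */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Build "<base>:<stream>", the form used in the post (system32:Lzx32.sys).
   Returns -1 if either part is empty, the stream name contains ':' or a
   path separator, or the result does not fit in out[n]. */
int ads_path(const char *base, const char *stream, char *out, size_t n)
{
    if (!*base || !*stream || strpbrk(stream, ":\\/"))
        return -1;
    int len = snprintf(out, n, "%s:%s", base, stream);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

#ifdef _WIN32
#include <windows.h>
/* Print every stream attached to a file or directory, with its size. */
static void list_streams(const wchar_t *path)
{
    WIN32_FIND_STREAM_DATA d;
    HANDLE h = FindFirstStreamW(path, FindStreamInfoStandard, &d, 0);
    if (h == INVALID_HANDLE_VALUE)
        return;                       /* no streams, or access denied */
    do
        printf("%ls  %lld bytes\n", d.cStreamName, (long long)d.StreamSize.QuadPart);
    while (FindNextStreamW(h, &d));
    FindClose(h);
}
int main(int argc, char **argv)       /* usage: adsclear <path> <stream> */
{
    char full[MAX_PATH];
    wchar_t wide[MAX_PATH];
    if (argc != 3 || ads_path(argv[1], argv[2], full, sizeof full) != 0 ||
        mbstowcs(wide, argv[1], MAX_PATH) >= MAX_PATH)
        return 2;
    list_streams(wide);               /* before */
    HANDLE h = CreateFileA(full, GENERIC_WRITE, 0, NULL, TRUNCATE_EXISTING,
                           FILE_ATTRIBUTE_NORMAL, NULL); /* never creates */
    if (h == INVALID_HANDLE_VALUE) {
        fprintf(stderr, "cannot open %s (error %lu)\n", full, GetLastError());
        return 1;
    }
    CloseHandle(h);
    list_streams(wide);               /* after: the stream reports 0 bytes */
    return 0;
}
#endif
```

Writing to a stream on the system directory needs an elevated prompt or the recovery environment, and the Win32 part compiles only on Windows.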