Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Hacking Techniques :: fix20.txt

Fixing SubSeven 2.0 BKI:

HackFix - SubSeven - Fix v2.0

NOTE: You should print this page for reference before starting.

Step one is to go to your Start menu, click Shutdown, and select "Restart
the computer in MS-DOS mode", then click ok.
When you do this, you should be in MS-DOS looking at a c:\windows\ prompt.
This version places itself at c:\windows\rundll16.exe

Simply type
del rundll16.exe
This will delete the trojan.

If this errors, you may need to type
attrib rundll16.exe -h
to remove the hidden flag, and then type the delete command above.

Type exit to return to windows.

Note that when Windows starts, you may see a number of errors about a
missing file. Simply click OK to dismiss this warning and continue below to

Next, use Windows Explorer to open the C:\windows\ directory, then find the
file titled system.ini
Simply double click this file to open it in a text editor.

Look for a line that begins with shell=
This line Should read shell=explorer.exe
If you are infected with this version however, it will read
shell=explorer.exe trojanname.exe

Simply delete the trojan name from the end so it matches the correct line
above, save the file and close it.

Your now disinfected!

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH