recent trojaned urls

Posted: Mon Apr 05, 2004 1:36 pm
by munky
just a warning for all IE users out there
there are some exploits going around that use an unpatched IE vulnerability. do not visit websites with the following in the URL:
** ** ** ** ** ** **

one claimed workaround is the following regedit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000566-0000-0010-8000-00AA006D2EA4}]
"Compatibility Flags"=dword:00000400

as for right now, i don't know the current recommended method for fixing/removing the worm
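
Added example, not part of the original post: a PowerShell check that the registry workaround above actually took effect, i.e. that the 0x400 flag is set in "Compatibility Flags" for the CLSID given in the post. The function name Test-ActiveXKillBit is hypothetical, and checking both the 32-bit and 64-bit registry views is an assumption about running on 64-bit Windows, where the two views are stored separately.

```powershell
# Added example (not from the original post). Test-ActiveXKillBit is a hypothetical name.
$KillBit = 0x400   # value taken from the post's "Compatibility Flags"=dword:00000400

function Test-ActiveXKillBit {
    param([Parameter(Mandatory)][string]$Clsid)

    $subKey = "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    # Assumption: 64-bit Windows, so 32-bit and 64-bit IE read separate views.
    $views  = [Microsoft.Win32.RegistryView]::Registry32,
              [Microsoft.Win32.RegistryView]::Registry64

    foreach ($view in $views) {
        $key  = $null
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
                    [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        try {
            $key   = $base.OpenSubKey($subKey)   # read-only; $null if the key is absent
            $flags = $null
            if ($key) { $flags = $key.GetValue('Compatibility Flags') }

            # Only a DWORD counts; other flag bits may be set alongside 0x400.
            $isDword = $flags -is [int]
            $set     = $isDword -and (($flags -band $KillBit) -eq $KillBit)
            $shown   = $flags
            if ($isDword) { $shown = '0x{0:X8}' -f $flags }

            [pscustomobject]@{
                View       = $view
                KeyPresent = [bool]$key
                Flags      = $shown
                KillBitSet = $set
            }
        }
        finally {
            if ($key) { $key.Dispose() }
            $base.Dispose()
        }
    }
}

# CLSID copied from the post above.
Test-ActiveXKillBit -Clsid '{00000566-0000-0010-8000-00AA006D2EA4}' |
    Format-Table -AutoSize
```

A row with KillBitSet = False means the workaround is not in place for that registry view.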

Posted: Mon Apr 05, 2004 2:42 pm
by munky
from Rats:
it's in remotes in mirc, and you delete dllhost32.exe in safe mode.
dllhost32.exe is a fake bin, the real one is dllhost.exe, and you delete 2 strings in regedit which show dllhost32.exe "as" the real one and then you are done
if anyone has any other firsthand experiences removing this, i'd love to hear them

Posted: Mon Apr 05, 2004 3:41 pm
by munky
i was just linked to this: ... php?t=1040

another set of instructions for removal.
NOTE: i have not tested these personally, so be wary of the linked exe (ie - it's not my fault if it's another virus)

Posted: Tue Apr 06, 2004 2:29 pm
by munky
add ** and ** to the list of bad URLs

and **, **, **