
Mamakcafe.com Malaysia Forum | Technology  | Property | Web Hosting & Domain | Online Marketing forum


damaged on xiao.vbs worm on NAV 10 corporate edition


Administrator


Post time: 24-7-2008 12:39 PM

I've surfed the internet for weeks for solutions to the corruption of NAV 10 Corporate Edition, but there's no cure. However, I have managed to find the registry entries that cause the problems.

 

Besides adding wscript.exe xiao.vbs into the registry to allow the worm to auto-reload, the initial infection of Xiao.vbs will disable the auto-protection of NAV 10 Corporate Edition by adding entries to the registry under:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

 

ccapp.exe

ccevtmgr.exe

ccsetmgr.exe

defwatch.exe

 

NAV 10 CE will not load, showing "Auto protect has been disabled". In services.msc in Control Panel, the Symantec Def Watch service will not be able to start, and you will not even be able to re-install NAV CE 10.

 

The solution is simple: simply change the name of ccapp.exe under "Image File Execution Options" in the registry, or simply remove it. Then restart the services by going into services.msc, and it will function normally.

 

Do the same with the other files.

 

Please refer to what I did in the picture

registry by xiao.JPG
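
A way to check a machine for the entries described in the post, as an added example that is not part of the original post: the script reads the text of a .reg export of the Image File Execution Options key and reports any subkey named after the four NAV executables listed above. The post does not say which value the worm writes, so a listed image is flagged whenever its subkey exists; `Debugger` is the standard Windows value that redirects a process launch and is reported when present. The sample export and its value data are constructed.

```python
# Added example: flag IFEO subkeys for the NAV executables named in the post.
IFEO = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
        r"\CurrentVersion\Image File Execution Options")
NAV_IMAGES = {"ccapp.exe", "ccevtmgr.exe", "ccsetmgr.exe", "defwatch.exe"}

# Constructed sample of .reg export text; the value data is a placeholder.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccApp.exe]
"Debugger"="constructed-placeholder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000
'''

def parse_reg(text):
    """Return {key_path: {value_name_lowercase: data}} from .reg export text.
    Multi-line hex values are not reassembled; only the first line is kept."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            current[name.strip('"').lower()] = data.strip('"')
    return keys

def find_ifeo_entries(text, images=NAV_IMAGES):
    """Return sorted (image, debugger_or_None) for listed images under IFEO."""
    prefix = IFEO.lower() + "\\"
    findings = []
    for path, values in parse_reg(text).items():
        low = path.lower()  # registry key names are case-insensitive
        if not low.startswith(prefix):
            continue
        image = low[len(prefix):]
        if "\\" not in image and image in images:
            findings.append((image, values.get("debugger")))
    return sorted(findings, key=lambda f: f[0])

if __name__ == "__main__":
    for image, debugger in find_ifeo_entries(SAMPLE_EXPORT):
        print(f"IFEO entry present for {image}: Debugger={debugger!r}")
```

An export written by `reg export` is UTF-16 encoded, so open the file with `encoding="utf-16"` before passing its text to `find_ifeo_entries`.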