
injection virus



Posted
I have some kind of injection virus, probably a DLL... I found some DLLs and rg_binary in my Windows registry!
I wanted to know if anyone could help me. How can I remove or read these DLLs, and how does rg_binary work so I can understand it?

I noticed that AutoIt has support for DLLs, handling possessions. I'm new, I don't know AutoIt... I came here to ask for help from those who already have experience in the language! What keywords should I use? Which objects are worth taking a closer look at, and is there any way to develop code with the ability to read rg_binary?


Posted
  On 2/15/2024 at 4:27 AM, DDSS said:

I have some kind of injection virus, probably a dll... I found some dll and rg_binary in my windows registry!


When in doubt, I erase the drive and reinstall the OS.
Hope you back up, back up, back up. That's my best advice.

Unless you wanna play CSI like on TV and do forensics.

Follow the link to my code contribution ( and other things too ).
FAQ - Please Read Before Posting.

Posted
  On 2/15/2024 at 5:45 AM, argumentum said:

Not really. I don't code DLLs. I have no experience with that. Microsoft has this Visual Studio one can write DLLs with.
But it takes years to learn that stuff. I don't know how to guide you. :( 


No problem, Visual Studio is very complicated to install! It needs many libraries (but gaps for injections and viruses of all types)!

Is there no other tool?

Posted

You can try disassemblers? But then again, can you interpret machine code, or ASM?
Even if you did, it would not tell you where you got it from. And if you poke the wrong people/IP, can you defend yourself? I would let it go.

Then again, if this is what propels you into a career in cyber security or becoming a programmer, go for it.
There is no better incentive than an itch in the brain.


Posted

You can look at exported functions with any DLL export viewer (there are many), or if you want to see what these functions actually do you can use a disassembler, but that requires some expertise.

How is this related to AutoIt anyway?
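
For the opening question about reading binary registry data, an added example (not code from any poster in this thread): a Python sketch that parses a regedit `.reg` export, decodes every REG_BINARY (`hex:`) value and gives a first-pass reading of it. The key name, value names and data in `SAMPLE_REG` are constructed, and the `classify` heuristics are assumptions for triage, not proof of what a value contains.

```python
import re

# Constructed sample in regedit ".reg" export format (not data from the thread).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleVendor]
"Blob"=hex:4d,5a,90,00,03,00,00,00,\
  04,00,00,00,ff,ff,00,00
"Path"=hex:43,00,3a,00,5c,00,78,00,2e,00,64,00,6c,00,6c,00,00,00
"Flags"=hex:01,00,00,80
"Title"="plain string, not REG_BINARY"
'''

# "name"=hex:... or @=hex:... ; typed forms such as hex(2): are other value types.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=hex:(.*)$')

def parse_reg_binary(text):
    """Yield (key, value_name, data) for every REG_BINARY value in the export."""
    # regedit wraps long hex data with a trailing backslash; rejoin those lines.
    text = re.sub(r'\\\r?\n\s*', '', text)
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m:
            name = m.group(1) if m.group(2) is None else '(Default)'
            data = bytes(int(b, 16) for b in m.group(3).split(',') if b)
            yield key, name, data

def classify(data):
    """Heuristic first look at the bytes; a hint for review, not a verdict."""
    if data[:2] == b'MZ':
        return 'starts with MZ (possible embedded PE image)'
    if len(data) >= 4 and len(data) % 2 == 0:
        try:
            s = data.decode('utf-16-le').rstrip('\x00')
            if s and s.isprintable():
                return 'UTF-16LE text: ' + s
        except UnicodeDecodeError:
            pass
    return 'opaque, %d bytes: %s' % (len(data), data[:16].hex(' '))

def triage(text):
    return [(k, n, classify(d)) for k, n, d in parse_reg_binary(text)]

if __name__ == '__main__':
    for key, name, verdict in triage(SAMPLE_REG):
        print(key, '|', name, '|', verdict)
```

Run it against a key exported from regedit (File > Export), decoding the file as UTF-16 when reading it, since that is how regedit saves version 5.00 exports.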

  • Moderators
Posted
  Quote

How is this related to AutoIt anyway?


It is not. Thread locked.

M23
