Installing Flash has also put an update-checking malware app onto my PC. Working towards eliminating this - using procexp on the nag screen, I found it was running as "C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe", with the command line "C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe" -update plugin.
Deleting ..plugin.exe looks like it might, well, delete the browser plugin, so instead I've deleted C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe; will see if that works.
I can't work out how the malware is running; despite its name, it isn't installed as a service so far as I can see.
The above entry was made on Aug 29th - since then the malware has somehow reinstalled itself. Deleted it again.
Anti-nuisance lawsuit warning: The purpose of these notes is to remind me, Zoegond, of stuff or to help me work stuff out. They may contain mistakes.
Quick
- ($a, $b....) = unpack("A2A7...", $packed)
- push( array, list )