January 18, 2008
Paralyzing the Ari program
I don't want fu**ing useless children to learn the method. Writing in English will help. Only a fu**ing child who learns English will understand.

Let's understand why Ari does not show up in Task Manager.
Ari doesn't use an EXE file. A running EXE is vulnerable to users. So Ari, and some other fu**ing spyware like the "Protect your computer" kind that shows up in the notification area, use a DLL attached to 'explorer.exe'. 'explorer.exe' is not 'Internet Explorer' but the GUI shell we use. "SysManager.dll" in your 'SYSTEM32' directory (usually "c:\windows\system32\"; anyway, it doesn't matter) has all the power to recover itself and the other components of Ari.

Download "Process Explorer" and launch it. That part is up to you. The program is small and standalone.
Even if you find 'SysManager.dll', you can't kill the DLL. When you kill the DLL's thread, the DLL loaded in memory and the other hidden DLL recover it and create 'agent.exe' in your 'SYSTEM32' directory. This kind of technique is widely used in a lot of spyware, and it REALLY sucks! Anyway, don't kill the DLL; suspend it. 'agent.exe', 'SysManager.dll' and 'urlmain.dll' in your 'SYSTEM32' dir help each other survive and keep running.
Double-click 'explorer.exe' in the list and go to the Thread property page. Then click 'SysManager.dll' and the Suspend button.

Suspending 'SysManager.dll' does nothing on its own. The DLLs are still loaded in memory and work fine for now. Now go to your 'SYSTEM32' dir and find 'SysManager.dll'. Rename it. You may need to choose an easy name for it, so you can recover Ari later without anyone noticing what you have done. When 'explorer.exe' is loaded, it executes 'agent.exe' and loads 'SysManager.dll'. 'agent.exe' doesn't matter because its function is to help 'SysManager.dll'. So suspending and renaming the DLL means 'Ari is sentenced to death.'

After suspending the DLL, rename it. If you didn't suspend the DLL, it will appear again!
Restart your system. It's done! To recover Ari, just name the DLL 'SysManager.dll' again and reboot.
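
Task Manager's process list shows nothing here because the component is a module inside the shell process, not a process of its own. The following PowerShell is an added example, not part of the original post: it lists every DLL loaded in explorer.exe with its signer so a non-Microsoft module stands out. The function name `Get-ShellModuleAudit` and the Microsoft-signer filter are assumptions of this example.

```powershell
# Added example (not from the original post): audit the modules loaded into
# the shell process. Run it with the same bitness as explorer.exe; a 32-bit
# PowerShell cannot enumerate the modules of a 64-bit process.
function Get-ShellModuleAudit {
    param([string]$ProcessName = 'explorer')

    foreach ($proc in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
        foreach ($mod in $proc.Modules) {
            # Signature of the file on disk that backs the loaded module.
            $sig = Get-AuthenticodeSignature -FilePath $mod.FileName -ErrorAction SilentlyContinue
            $signer = ''
            if ($sig -and $sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

            [pscustomobject]@{
                ProcessId = $proc.Id
                Module    = $mod.ModuleName
                Path      = $mod.FileName
                Company   = $mod.FileVersionInfo.CompanyName   # self-declared, spoofable
                SigStatus = if ($sig) { "$($sig.Status)" } else { 'Unknown' }
                Signer    = $signer
            }
        }
    }
}

# Names taken from the post; used only to mark rows, not as the detection rule.
$namedInPost = 'SysManager.dll', 'urlmain.dll'

# Triage filter (assumption of this example): anything not validly signed by
# Microsoft. Third-party shell extensions are common and legitimate, and some
# PowerShell versions do not check catalog signatures, so system files can
# report NotSigned there. Treat the output as a review list, not a verdict.
Get-ShellModuleAudit |
    Where-Object { $_.SigStatus -ne 'Valid' -or $_.Signer -notmatch 'O=Microsoft Corporation' } |
    Sort-Object -Property Path -Unique |
    Select-Object Module, Company, SigStatus,
        @{ Name = 'NamedInPost'; Expression = { $namedInPost -contains $_.Module } },
        Path |
    Format-Table -AutoSize
```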

Hasta la vista
Ari:Help me! explorer and my 'agent' can't load me!
# by | 2008/01/18 23:03 | Look what I've done | Trackbacks (1) | Comments (20)






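Title: Thoughts of Yupki악마
My dad had set up Ari, so I paralyzed it~♬ ...more
I'm really putting this to good use!!
But I think elementary school kids these days could all work out what it says.. (by translating just the key sentences)
When I log in again,
the time from before the suspend is still there as it was.
Time to go wild, let's go;;
For me it's the internet time..
The internet blocking doesn't go away...
What am I supposed to do about that? Could you tell me..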