Research Links
- Detailed description of how the Banco do Brasil security module behaves
- Process Monitor – download
- Delete the G Buster plugin files by using a boot disk (1) – uses Hiren's BootCD. Download Hiren's BootCD here (I think… they do not make identifying the affiliation easy). How to burn it to CD.
- G Buster: horrible by design – uses a Linux boot disk. Uses the Trinity Rescue Linux boot disk – still deciding if this one is kosher to use.
Notes
- This module is also referred to as G Buster
Tools
- SysInternals Autoruns
- SysInternals Main Page – has presentations that appear to be very valuable.
- SysInternals Process Monitor
- Hiren's BootCD – Hiren's BootCD on Wikipedia
- Trinity Rescue Kit – Boot disk based on Linux
Side Notes
- Profile of cyber crime in brazil – an interesting article about how they work
- The Trinity Rescue Kit site uses Bart's Content Management Studio, which is based on CodeCharge Studio – CodeCharge Studio on Wikipedia
Resolution
- I tried two different boot disks, but both times I could not see the file structure on the hard drive in question.
- Popped the hard drive out of the machine and connected it as an external drive on another box. At this point I could see the files I needed to delete. I deleted the GpPlugIn folder.
- Placed the hard drive back in the original machine and ran the SysInternals program Autoruns. I hand-edited the registry to delete all the keys that referred to the now-deleted files. They are easy to find because Autoruns highlights them in yellow to signify that the referenced file is missing.
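The last step above (find the autorun entries whose target file no longer exists, then delete those registry values) can also be done from an elevated PowerShell prompt. The script below is an added example, not part of the original post and not a Sysinternals tool: it walks the standard Run/RunOnce keys and the services key, resolves each command line to an executable path, and reports the entries whose file is missing, which is the same condition Autoruns marks in yellow. It only reports; the removal command at the end is shown with -WhatIf so the operator confirms each value before it is actually deleted. The folder name GpPlugIn used in the sample filter is the one given in the post.

```powershell
# Added example: report autorun entries whose image file is missing on disk.
# Run in an elevated PowerShell session on the machine being cleaned.

# Well-known autostart locations for per-machine (incl. 32-bit view) and per-user entries.
$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ImagePathFromCommandLine {
    param([string]$CommandLine)
    # Expand %SystemRoot% etc., then pull the executable out of a quoted or unquoted command line.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($expanded.StartsWith('"')) {
        $end = $expanded.IndexOf('"', 1)
        if ($end -gt 0) { return $expanded.Substring(1, $end - 1) }
        return $expanded.Trim('"')
    }
    # Unquoted path that may contain spaces: grow the candidate token by token until it names a file.
    # If nothing on disk matches (the case we are hunting for), fall back to the first token; such
    # entries surface in the report for manual review rather than being silently skipped.
    $tokens = $expanded -split ' '
    $candidate = ''
    foreach ($t in $tokens) {
        $candidate = if ($candidate) { "$candidate $t" } else { $t }
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    return $tokens[0]
}

function Resolve-ServiceImagePath {
    param([string]$ImagePath)
    # Service ImagePath values use NT-style forms that Test-Path does not understand.
    $p = $ImagePath.Trim()
    $p = $p -replace '^\\\?\?\\', ''                 # strip the \??\ object-manager prefix
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot # \SystemRoot\system32\... -> C:\Windows\system32\...
    $p = Get-ImagePathFromCommandLine -CommandLine $p
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }  # relative: system32\drivers\x.sys
    return $p
}

function Get-OrphanedAutoruns {
    foreach ($key in $autorunKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }    # skip PSPath, PSParentPath, PSChildName, ...
            $image = Get-ImagePathFromCommandLine -CommandLine ([string]$p.Value)
            if (-not (Test-Path -LiteralPath $image -PathType Leaf)) {
                [pscustomobject]@{ Location = $key; Name = $p.Name; Command = $p.Value; Image = $image }
            }
        }
    }
    # Services and drivers whose binary is gone.
    Get-ChildItem -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
        $img = (Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).ImagePath
        if ([string]::IsNullOrWhiteSpace($img)) { return }
        $resolved = Resolve-ServiceImagePath -ImagePath ([string]$img)
        if (-not (Test-Path -LiteralPath $resolved -PathType Leaf)) {
            [pscustomobject]@{ Location = $_.PSPath; Name = $_.PSChildName; Command = $img; Image = $resolved }
        }
    }
}

$orphans = Get-OrphanedAutoruns
$orphans | Format-Table -Property Location, Name, Image -AutoSize

# Review the list, then remove only the Run/RunOnce values that pointed into the deleted folder.
# -WhatIf prints what would be removed; drop it once the list has been checked by hand.
$orphans |
    Where-Object { $_.Location -like 'HK*:\SOFTWARE\*' -and $_.Image -like '*GpPlugIn*' } |
    ForEach-Object { Remove-ItemProperty -LiteralPath $_.Location -Name $_.Name -WhatIf }
```

Service entries are reported but not removed by this script: a service key is removed with Remove-Item on the whole key (or sc.exe delete), and a missing driver file for a still-registered service can stop a machine from booting cleanly, so that is best done one entry at a time after checking what the service was.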