I had the same problem. This is the nastiest virus I have ever had to deal
with. Somehow it infected internet explorer and explorer. It starts off as
"dssoundi.dll" then it creates another DLL file with a random name. It also
creates a randomly named EXE file with a clone OCX file of about 140KB in the
system32 folder. These are next to impossible to delete. The EXE file runs
constantly in the background, and as soon as explorer or another program
finds that the EXE file has been deleted, it deletes the OCX file and makes
another randomly named EXE and OCX file. Download these programs to help you
delete and detect the files:
WinPatrol
Unlocker
Also, learn how to use your command prompt in safe mode. You are going to
have to kill the EXE file and it doesn't always come up in task manager and
it also fools with your task manager too. Delete the registry files
(
http://www.trendmicro.com/vinfo/viru...%2EAMV&VSect=T)
using regedit (START->RUN type in regedit and hit enter) and then find,
unlock, and delete the DLL files.
Here comes the tough part...
Restart the computer, and as soon as you see a black screen with a small
blinking white bar, start pressing F8 until the options come up. Select
"Safe Mode with Command Prompt." Let it boot up, and then close explorer and
task manager. In the command prompt (START->RUN type in cmd and hit enter if
you already closed it by accident) type in...
CD C:\WINDOWS\system32
tasklist
TASKKILL /F /T /IM file.exe
del file.exe
del file.ocx
You may have to unlock the OCX file before you delete it, so using the task
manager, go to FILE->RUN->BROWSE and then find the file, right click, and
unlock it. Also, tasklist will only tell you what tasks are running
regardless of what task manager says.
After all this, get a flash drive or floppy and put explorer.exe and
iexplore.exe on it from another PC and replace those files on your computer.
Fun huh? Actually, I am not even sure if this works fo really. That is
what I did so far. I still have yet to test it out.
Similar Threads
