penny said:
Cannot find shell.dll.
Found solution to find and copy it to relevant directory
that program requires BUT each time program is reloaded,
the shell files need to be copied.
Anyone know how to keep the file, as Windows keeps
deleting it?????
Thanks

Here's a copy of an older post that may still be relevant to you:
An interesting thing was found by another poster, Joe Parish. Here's a
bit of his post:
".. concrete difference I've been able to find is a service with a
display name of "Network Security Service" called "__NS_SERVICE_3". I
only have before logs on 8 other machines. Out of all 10 machines 7
have that service, named "__NS_SERVICE", "__NS_SERVICE_2", or
"__NS_SERVICE_3" with what appears to be a randomly named EXE in
c:\windows\system32. Right now it's the only real good lead I've seen.
Trend Micro calls it TROJ_AGENT.Z2, but the tech details make no
mention of shell.dll. I've done a bit of digging, but not come up with
anything else to tie any TROJ_AGENT variants to this problem."
Apparently this service is coming from the CoolWebSearch malware, which
makes itself into this service. This explains why we've been seeing a
rash of "shell.dll missing" posts in the newsgroup lately. So I'd
disable the service in Safe Mode and do all the "normal" spyware
removal steps (which are getting longer and more complicated),
i.e.: Remove spyware with Spybot Search & Destroy from
www.safer-networking.org and Ad-aware from
www.lavasoftusa.com. Be sure
to update these programs before running them. These programs are free,
so run them both since they complement each other. It is best to run
antivirus and spyware removal tools in Safe Mode. You may also need to
run CWShredder and HijackThis from
http://www.spywareinfo.com/~merijn/index.html. Please read the
instructions carefully and do not post your HijackThis log in this
newsgroup. A great resource for dealing with spyware is the forum on
http://www.spywareinfo.com. Also, make sure you've visited Windows
Update and applied all security patches. Make sure you are running a
firewall and a current antivirus with updated definitions.
Malke
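
A way to check a machine for the service indicator quoted in the reply above, as an added example that is not part of the original thread. It assumes Windows PowerShell 3.0 or later in an elevated prompt; the service names and display name come from the quoted post, and everything else (variable names, report fields) is illustrative.

```powershell
# Added example: audit services for the "__NS_SERVICE" indicator from the thread.
# Assumption: Windows PowerShell 3.0+ (Get-CimInstance), elevated prompt.
$namePattern = '^__NS_SERVICE(_\d+)?$'      # __NS_SERVICE, __NS_SERVICE_2, __NS_SERVICE_3
$displayName = 'Network Security Service'   # display name quoted in the thread
$system32    = Join-Path $env:SystemRoot 'System32'

$hits = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -match $namePattern -or $_.DisplayName -eq $displayName } |
    ForEach-Object {
        # PathName may be quoted and may carry arguments; isolate the executable.
        $exe = $_.PathName
        if ($exe -match '^\s*"([^"]+)"') {
            $exe = $Matches[1]
        } elseif ($exe -match '^\s*(.+?\.exe)') {
            $exe = $Matches[1]
        }

        # A missing file is itself worth noting: the service entry can outlive the EXE.
        $onDisk = [bool]($exe -and (Test-Path -LiteralPath $exe))
        $sig = 'FileMissing'
        if ($onDisk) {
            $sig = (Get-AuthenticodeSignature -FilePath $exe).Status
        }

        [pscustomobject]@{
            Name       = $_.Name
            Display    = $_.DisplayName
            State      = $_.State
            StartMode  = $_.StartMode
            Executable = $exe
            InSystem32 = [bool]($exe -and ((Split-Path $exe -Parent) -ieq $system32))
            Signature  = $sig
        }
    }

if ($hits) {
    $hits | Format-List
    # Preview only: shows what disabling each matching service would do.
    # Remove -WhatIf to apply, ideally from Safe Mode as the reply suggests.
    $hits | ForEach-Object { Set-Service -Name $_.Name -StartupType Disabled -WhatIf }
} else {
    Write-Output 'No service matching the __NS_SERVICE indicator was found.'
}
```

A match on the display name alone is only a lead, so review the executable path and signature status before disabling anything.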