There is a new class of malware/adware/virus/trojan that is neither found nor fixed using the conventional tools, such as Norton, McAfee, Lavasoft, etc. It is based on a super hidden dll that is not detectable by the OS, even in safe mode. A full discussion can be found at
http://www.pcsympathy.com/sutra1193.html
including a link to a simple but effective tool called xfind.
http://home.mnet-online.de/horst.muc/int/find23.zip

Basically, this simple tool can search for files, but it reports the name of the file that it cannot read. In my case it was comjiac.dll. That is the malware executive that keeps reinfecting the machine. It is loaded from the registry key under the AppInit_Dlls but that key remains invisible and unreadable by inheriting the file permissions. Once you know the name from xfind, you rename or delete using the repair console. Once the name has changed, the registry key now appears with normal permissions and can be deleted.

For those that are curious, Win2k and XP support file permissions that do not let the file be read or modified by anyone including the OS itself. It is super-super hidden, which is why the anti-virus programs cannot find it. However, the registry console apparently does not consider file permissions when doing simple operations such as dir, rename, or delete. xFind gives you the name, the repair console allows you to kill it, and regedit allows you to kill the load process.

Please pass along this information to other software forums. It took me a day of searching with Google to find the kind person who copied the recipe from another site.

Copied with Permission
-----Original Message-----
thanks for ur reply have spywareblaster installed have just used cw shredder didn't work either will check out spyware guard. I suspect I will have to go in to the registry which I know very little about thank you for ur reply....... ufo007
-----Original Message-----
SpywareGuard and SpywareBlaster
{]:~)
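
The check the thread describes (list the files a directory shows but that cannot be opened, then compare them with AppInit_DLLs) can be sketched as below. This is an added example, not part of the original posts and not the xfind tool; the function names are hypothetical, and the registry path is the standard Windows location of the AppInit_DLLs value.

```python
import os
import sys

# Standard location of the AppInit_DLLs value under HKEY_LOCAL_MACHINE.
APPINIT_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"

def try_read(path):
    """Return None if one byte can be read from path, else the error text."""
    try:
        with open(path, "rb") as fh:
            fh.read(1)
        return None
    except OSError as exc:
        return exc.strerror or str(exc)

def unreadable_files(root, suffixes=(".dll",), probe=try_read):
    """List (path, reason) for files that are listed but cannot be opened."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.lower().endswith(suffixes):
                full = os.path.join(dirpath, name)
                reason = probe(full)
                if reason is not None:
                    hits.append((full, reason))
    return sorted(hits)

def split_appinit(value):
    """AppInit_DLLs holds DLL names separated by spaces or commas."""
    return [part for part in value.replace(",", " ").split() if part]

def read_appinit():
    """Return the AppInit_DLLs entries, or an error string if unreadable."""
    try:
        import winreg  # only available on Windows
    except ImportError:
        return "not running on Windows"
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, APPINIT_KEY) as key:
            value, _type = winreg.QueryValueEx(key, "AppInit_DLLs")
        return split_appinit(value)
    except OSError as exc:
        return "cannot read key: %s" % exc

if __name__ == "__main__":
    sysroot = os.environ.get("SystemRoot", ".")
    root = sys.argv[1] if len(sys.argv) > 1 else os.path.join(sysroot, "System32")
    print("AppInit_DLLs:", read_appinit())
    for path, reason in unreadable_files(root):
        print("UNREADABLE", path, reason)
```

A DLL reported as unreadable, or an AppInit_DLLs read that fails outright, is the lead to follow up from the repair console as the post describes.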