Very Important: fixing unfixable malware

There is a new class of malware/adware/virus/trojan that is neither found nor
fixed using the conventional tools, such as Norton, McAfee, Lavasoft, etc.
It is based on a super hidden dll that is not detectable by the OS, even in
safe mode. A full discussion can be found at

http://www.pcsympathy.com/sutra1193.html

including a link to a simple but effective tool called xfind.

http://home.mnet-online.de/horst.muc/int/find23.zip

Basically, this simple tool can search for files, but it reports the name of
the file that it cannot read. In my case it was comjiac.dll. That is the
malware executive that keeps reinfecting the machine. It is loaded from the
registry key under the AppInit_Dlls but that key remains invisible and
unreadable by inheriting the file permissions. Once you know the name from
xfind, you rename or delete using the repair console. Once the name has
changed, the registry key now appears with normal permissions and can be
deleted.

For those that are curious, Win2k and XP support file permissions that do
not let the file be read or modified by anyone including the OS itself. It is
super-super hidden, which is why the anti-virus programs cannot find it.
However, the registry console apparently does not consider file permissions
when doing simple operations such as dir, rename, or delete. xFind gives you
the name, the repair console allows you to kill it, and regedit allows you to
kill the load process.

Please pass along this information to other software forums. It took me a
day of searching with google to find the kind person who copied the recipe
from another site.
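For anyone who wants to check a machine for the condition described above before touching the repair console, here is an added audit script (not from the post or the xfind tool). It reads the AppInit_DLLs load point under the real key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, resolves each listed DLL, and reports whether the file exists, whether the current account can open it for reading, and what its ACL says. A DLL that is listed for loading into every process but cannot be read is exactly the symptom the post describes. The LoadAppInit_DLLs switch only exists on Vista and later, so it comes back empty on 2000/XP; the script tolerates that. It is a read-only check and changes nothing.

```powershell
# Added example: audit the AppInit_DLLs load point and test readability of each listed DLL.
# The registry path is the real Windows location; everything else is generic.

$keyPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'

function Get-AppInitDlls {
    # Read AppInit_DLLs and, where present (Vista+), the LoadAppInit_DLLs switch.
    $props = Get-ItemProperty -Path $keyPath -ErrorAction Stop
    [pscustomobject]@{
        AppInit_DLLs     = $props.AppInit_DLLs
        LoadAppInit_DLLs = $props.PSObject.Properties['LoadAppInit_DLLs'].Value
    }
}

function Test-DllReadable {
    param([string]$Path)
    # Try to open the file for read; a deny ACL (or in-use lock) makes this fail.
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
        $fs.Close()
        return $true
    } catch {
        return $false
    }
}

function Resolve-DllPath {
    param([string]$Name)
    # AppInit entries are often bare file names; look in System32, then SysWOW64 on x64.
    if ([System.IO.Path]::IsPathRooted($Name)) { return $Name }
    foreach ($dir in @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")) {
        $candidate = Join-Path $dir $Name
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return $Name
}

$info = Get-AppInitDlls
"LoadAppInit_DLLs = $($info.LoadAppInit_DLLs)"
"AppInit_DLLs     = '$($info.AppInit_DLLs)'"

if ([string]::IsNullOrWhiteSpace($info.AppInit_DLLs)) {
    'No AppInit DLLs configured.'
} else {
    # Entries are separated by spaces or commas.
    $entries = $info.AppInit_DLLs -split '[ ,]+' | Where-Object { $_ }
    foreach ($entry in $entries) {
        $path     = Resolve-DllPath $entry
        $exists   = Test-Path -LiteralPath $path
        $readable = if ($exists) { Test-DllReadable $path } else { $false }
        $acl      = $null
        if ($exists) {
            # Reading the ACL needs READ_CONTROL; a restrictive DACL can deny even that.
            try   { $acl = (Get-Acl -LiteralPath $path).AccessToString }
            catch { $acl = "ACL unreadable: $($_.Exception.Message)" }
        }
        if (-not $exists)        { $verdict = 'listed but not found' }
        elseif (-not $readable)  { $verdict = 'INVESTIGATE: listed for load but not readable' }
        else                     { $verdict = 'readable' }
        [pscustomobject]@{
            Entry    = $entry
            Resolved = $path
            Exists   = $exists
            Readable = $readable
            Acl      = $acl
            Verdict  = $verdict
        }
    }
}
```

Run it from an elevated prompt so that a "not readable" result reflects the file's ACL rather than a lack of admin rights. A Deny entry for Everyone or SYSTEM in the Acl column, or an ACL that cannot be read at all, is the cue to look at the file more closely; the post's recovery steps (rename from the repair console, then clear the registry value) still apply from there.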
 
If you don't mind I'd like to copy this info and use the
next time I see someone with this problem.
I'll put copied with permission or something like that?
 
Just copy it and spread the word. If you check the main link, I got it from
another kind engineer, who got it from someone else. My guess is that Norton,
McAfee, Lavasoft and others know about it but they are cornered by MS.
Their programs run under the OS (W2k or XP) and use the OS for file services.
The OS cannot see the super hidden file--the anti-virus software cannot
either. Only techno-nerds can use such tools as a dos box and the repair
console.

My guess is that MS included this "feature" so that they could hide some
components of the OS from even the smartest computer reverse engineering. Now
it comes back to bite them big-time.
 
