Quote:
Originally Posted by sailor
Look in the registry, in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify. If you have a key in there that is 5 letters long, usually with at least one character that is repeated once (but NOT cscdll), that is the file that's causing you so much trouble. But here's the trick--because it is part of the winlogon process, you can't delete it from Windows, even in safe mode. Boot using Knoppix or something like that and delete the file by that name (whatever.dll) from C:\Windows\System32. Then reboot into Windows and remove that registry key.
Virtumonde is a sonofabitch. We see it all the time at work.
You just made this all seem easy.
The little removal tool I got seemed to have removed it. I don't see any other 5 letter folder things listed in that folder other than cscdll.
Does anyone know where this bug comes from? All I've downloaded recently was a couple WMV vids from putfile and other random uploaders.
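The registry check described in the quoted post, as an added read-only PowerShell example that is not part of the thread. The function names are hypothetical; `DllName` is the value under each Notify subkey that names the DLL Winlogon loads, and the name test is only the heuristic stated in the post, so a flagged entry is a lead to inspect, not a verdict.

```powershell
# Added example: read-only audit of Winlogon Notify packages. Changes nothing.
$notifyPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

function Test-NotifyNameHeuristic {          # hypothetical helper name
    param([string]$Name)
    # Heuristic from the post: 5 letters, at least one character repeated,
    # and never the cscdll entry.
    if ($Name -ieq 'cscdll') { return $false }
    return (($Name -match '^[a-z]{5}$') -and ($Name -match '(.).*\1'))
}

function Get-NotifyPackageReport {           # hypothetical helper name
    if (-not (Test-Path -LiteralPath $notifyPath)) { return }
    Get-ChildItem -LiteralPath $notifyPath | ForEach-Object {
        $name = $_.PSChildName
        $dll  = $_.GetValue('DllName')       # DLL this package asks Winlogon to load

        # A bare file name is resolved against System32, where the post
        # says the file lives.
        $path = $dll
        if ($dll -and -not [IO.Path]::IsPathRooted($dll)) {
            $path = Join-Path (Join-Path $env:SystemRoot 'System32') $dll
        }
        $file = $null
        if ($path) {
            $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        }

        $created = $null
        if ($file) { $created = $file.CreationTime }

        New-Object PSObject -Property @{
            SubKey     = $name
            DllName    = $dll
            Path       = $path
            FileExists = [bool]$file
            Created    = $created
            Flagged    = (Test-NotifyNameHeuristic $name)
        }
    }
}

# Flagged entries first; compare Created against when the symptoms started.
Get-NotifyPackageReport |
    Sort-Object Flagged -Descending |
    Format-Table SubKey, DllName, FileExists, Created, Flagged -AutoSize
```

Run it from an elevated prompt. An empty result means the Notify key has no subkeys or does not exist on that system.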