Windows Defender detection of Vundo trojan

Guest ColBla
Posted

Apologies if this is the wrong board for this - if so, happy to re-post in a more appropriate place, just tell me where!

Windows Defender keeps reporting an infection with Vundo.gen!E. The advice on the MS site says remove it using an AV program. I use McAfee, but when I run a scan it can't find it - checking the update status of McAfee, I have the right updates that should detect this version of Vundo. So I can't actually follow the "how to remove" advice. So is Defender giving a false positive, or should I be really worried because I seem to have an infection that McAfee can't find? Any advice on how to proceed gratefully received.

Not sure whether this is relevant or not, but since getting the first Vundo detections, in the same account that apparently hosts Vundo, the user gets a message on logon to the effect that the system can't find a file opnkjghf.dll. Could this be related to the Vundo problem?

System:
XPSP2
IE7
Windows Live Mail
Windows auto-update checked ON
AV & Firewall: McAfee, latest engines & updates installed.

Thanks in advance

Guest Maurice N  ~ MVP
Posted

It would not surprise me in the least that "opnkjghf.dll" is a trace of malware.

Use Windows' Disk Cleanup to delete all temporary files.

Download & save Malwarebytes Anti-Malware from
http://www.besttechie.net/tools/mbam-setup.exe or
http://malwarebytes.gt500.org/mbam.jsp
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform FULL Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in a new reply as soon as it has finished.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

MBAM is an excellent first-line program to use and keep.

Checking for/Help with Malware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal...n:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/
http://www.elephantboycomputers.com/page2....emoving_Malware

Help at malware removal forums: Read the topmost directions at the forum and Post your logs as required by the forum to one (and only one) of the following
http://aumha.net/viewforum.php?f=30,
http://www.bleepingcomputer.com/forums/forum22.html,
http://forum.malwareremoval.com/viewforum.php?f=11
http://forums.spywareinfo.com/index.php?showforum=18
http://www.spywarewarrior.com/viewforum.ph...c0ca7ab9210f7ae,
http://forums.subratam.org/index.php?showforum=7,
http://forums.spybot.info/forumdisplay.php?f=22
or other appropriate forums for expert analysis, not here.

Make very sure you read and follow the very topmost instructions at the forum you have selected.
Do NOT post your logs here.

--
Maurice Naggar
MS-MVP
-----

Posted

Be advised that in Vundo.Gen!E, "Gen" corresponds to generic detection. It's based on a heuristic pattern wherein a fingerprint code of Vundo is visible and was seen in such a file; that is why it's being tagged as part of the Vundo family.

 

Guest PA Bear [MS MVP]
Posted

Microsoft has established separate newsgroups for Windows Defender support and comments. This is not one of them.

See
http://www.microsoft.com/athome/security/s...ps/default.mspx

TIP: Access these newsgroups using your default newsreader, not your browser. See instructions on above page.

==========================

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal...n:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2....emoving_Malware

When all else fails, HijackThis v2.0.2 (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in conjunction with some other utilities). HijackThis will NOT fix anything on its own, but it will help you to both identify and remove any hijackware/spyware with assistance from an expert. Post your log to
http://aumha.net/viewforum.php?f=30,
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html, or other appropriate forums for review by an expert in such matters, not here.

If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

 

 


Guest ColBla
Posted

Maurice

VMT for the steer about MBAM. Downloaded and have now run it 3 times:
1. Had to abort 1st scan part way through because I ran out of time. However it found one file infected with Vundo and dealt with it.
2. 2nd scan ran all the way through and found a further infected file, again successfully dealt with it.
3. Further scan did not find anything.
Have also run Defender without finding anything.

So I might think that the successful scans by MBAM and Defender ought to mean the machine is now clean. But, in one of the four user accounts on the machine - the same one in which the Vundo detections were - the user still gets a DLL message on log-on; something seems to be looking for "opnkjghf.dll", and not finding it.

So:
Any views on whether the machine is now clean?
If so, how can I prevent the spurious DLL error appearing?
If not, please advise whether it's worth transferring this discussion to one of the specialist sites & I'll carry on there.
Also, any ideas of how I can prevent re-infection - McAfee is obviously as much use as the proverbial chocolate fireguard?

Thanks.

 

 

 

Guest ColBla
Posted

PA Bear

Many thanks for your interest & advice - at present though this looks like it's a "Vundo removal issue" rather than a problem with Defender and I'm getting useful advice from Maurice N on that. However, if it turns into a need for support with Defender then I'll certainly open a thread over there &/or use one of the more specialised forums.

 

 

Guest Maurice N  ~ MVP
Posted

Hello,

With Vundo infections, one has to usually run a battery of special removal apps to remove all of it. MBAM is just one tool and I in no way meant to convey that it would remove all infections. MBAM does do a good job of knocking out the most common current infectors; but again, it is not the single universal answer.

I urge you to select one of the forums I mentioned, follow that forum's requirements for posting (they each have a Read first or "topmost" sticky of instructions).
Joining the forum is free.

Also, keep in mind, your particular case may call for customized removal via tools or scripts. So, do not hesitate, but do this pronto, and meantime do not surf the internet. This pc cannot be considered clean.

Prevention of re-infection will also be covered at the forums. Basically a layered approach of apps, and user awareness.
--
Maurice N
MS-MVP
--

  • 2 weeks later...
Guest Blackavar
Posted

Blackavar had written this in response to http://www.secure-gear.com/microsoft.publi...ticle24813-.htm :

 

 


 

 

Vundo is good at hiding. If you want to ensure that you do not have an infection:
1. Run msconfig.msc
2. Under the Startup tab, remove checkmarks next to each program
Note: Vundo usually uses rundll32 to run itself at startup
3. Apply changes and reboot
4. Download and install Windows Defender from Microsoft
5. Download the definition file from MS.
http://www.microsoft.com/security/portal/ADL.aspx
Note: Windows Update can be used to retrieve the latest definition, but Vundo disables Windows Update.
6. Perform a full scan; if Vundo is located you will have the option to quarantine or remove it.
7. Once finished you may not re-enable startup programs and restart the machine.

Note: Until Vundo is killed or unable to run, it will continue to protect itself by creating xml files in your system32 dir and renaming them to random file names ending with the extension .dll. PKini seems to be another related file.

 

 

 

 

##-----------------------------------------------##

Delivered via http://www.secure-gear.com

The Internet Knowledge Base for the security industry

no-spam access to your favorite newsgroup -

microsoft.public.security - 24681 messages and counting!

##-----------------------------------------------##
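
An added example, not part of any post in this thread: a Python script that scans exported Run-key entries for rundll32 commands, the startup method mentioned in the last post, and reports whether each DLL they name still exists on disk. It assumes the logon error comes from a leftover startup value that still names a removed DLL; the registry export, value names and file list are constructed, and only the name opnkjghf.dll comes from the thread.

```python
import ntpath
import re

# Constructed `reg query`-style export. Value names and commands are invented;
# only the DLL name opnkjghf.dll comes from the thread.
SAMPLE_EXPORT = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleDriverTray    REG_SZ    RUNDLL32.EXE C:\WINDOWS\system32\exampledrv.dll,Startup
    ExampleAV    REG_SZ    "C:\Program Files\ExampleAV\tray.exe" /startup

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    a1b2c3    REG_SZ    rundll32.exe "C:\WINDOWS\system32\opnkjghf.dll",a
"""

# Constructed list of files present on the sample machine (lower-case).
SAMPLE_FILES = {
    r"c:\windows\system32\exampledrv.dll",
    r"c:\windows\system32\ctfmon.exe",
    r"c:\program files\exampleav\tray.exe",
}

ENTRY_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")


def sample_exists(path):
    """Stand-in for os.path.exists so the example runs offline."""
    return path.lower() in SAMPLE_FILES


def parse_reg_query(text):
    """Yield (key, value_name, data) for each string value in the export."""
    key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = ENTRY_RE.match(line)
        if m and key and m.group("type") in ("REG_SZ", "REG_EXPAND_SZ"):
            yield key, m.group("name"), m.group("data").strip()


def split_command(data):
    """Split a command line into (program, rest), honouring a quoted program."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        if end == -1:
            return data[1:], ""
        return data[1:end], data[end + 1:].strip()
    prog, _, rest = data.partition(" ")
    return prog, rest.strip()


def rundll32_target(data, system_dir=r"C:\WINDOWS\system32"):
    """Return the DLL a rundll32 command loads, or None for other commands."""
    prog, rest = split_command(data)
    if ntpath.basename(prog).lower() not in ("rundll32", "rundll32.exe"):
        return None
    if rest.startswith('"'):
        end = rest.find('"', 1)
        dll = rest[1:end] if end != -1 else rest[1:]
    else:
        dll = rest.split(",", 1)[0].strip()  # text before ",ExportName"
    if not dll:
        return None
    if not ntpath.isabs(dll):
        # Simplification: treat a bare DLL name as living in system32.
        dll = ntpath.join(system_dir, dll)
    return dll


def audit(text, exists):
    """List every rundll32 autorun with the DLL it names and whether it exists."""
    findings = []
    for key, name, data in parse_reg_query(text):
        dll = rundll32_target(data)
        if dll is not None:
            status = "present" if exists(dll) else "missing"
            findings.append({"key": key, "value": name, "dll": dll, "status": status})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_EXPORT, sample_exists):
        print(f"{f['status']:8} {f['dll']}  <- {f['key']} [{f['value']}]")
```

A "missing" result is a startup value pointing at a DLL that is no longer on disk; a "present" result is a DLL loaded at every logon and worth checking against what is known to be installed.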
