Actually, it was a look2me variant, only 3 scanners
detected it..
I had to download some custom removal tool to
remove it. it was a 400K Dll that
attached itself to just about every process, and it
even ran in safemode., there was
actually around ~70 dlls that were on the
machine.
I also
hehe.. killbox = no good, nothing would drop the running dll, i couldn't
copy it, delete it, rename it, or kill the registry entry.
here is a nice add in for people:
http://mvps.org/winhelp2002/hosts.htm
I am thinking of parsing the file and putting it into our dns servers to
prevent
all the
Good work killing it.
I'll be adding this program to my "tool kit". The site also looks like
a winner.
Look2me, I remember it well.
That's the one I had here. KillBox is hard to run, but it worked. You
have to feed it a list of the DLLs to delete on the next boot.
Although it may have morphed
Oooh, the thread injection by the dll would make it hard to kill; you'd
have to use a tool like Process Spy that shows you dll files as well as
the executables.
That tool you downloaded probably didn't do the full job, though. It's
the Kill2Me tool by Merjin, author of HijackThis, and it's more