Re: [Declude.Virus] OT: Online file check?

[William Stillwell]

Actually, it was a look2me variant, only 3 scanners detected it..   I had to download some custom removal tool to remove it. it was a 400K Dll that attached itself to just about every process, and it even ran in safemode., there was actually around ~70 dlls that were on the machine.   I also downloaded a custom hosts file that will block access to many adware sites.   thanks for all for the site. w.s       ----- Original Message ----- From: John Tolmachoff (Lists) To: Declude.Virus@declude.com Sent: Monday, July 25, 2005 4:42 PM Subject: RE: [Declude.Virus] OT: Online file check? While the site you are looking for is called www.virustotal.com, here are steps you will probably have to take:   Basically what you will end up doing is first finding what the registry key for it is, what is the actual executable name, restart the computer in safe mode, and delete or rename the registry key, delete the executable, and possibly  put restrictive permissions on the registry key and on the directory it creates and uses.   I have also had to use Administrators Pak by Winternals to go in and modify the registry and delete files before when even booting to safe mode did not work.   John T eServices For You   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Stillwell Sent: Monday, July 25, 2005 12:05 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] OT: Online file check?   At one time i saw a post about a site that you can upload and it will scan it with the "popular" scanners and check it..   I have this evil little program that i can't remove from a users computer, and i have done everything.. It keeps "Renaming" itself on termination..   It spawns under explorer, rundll32, svchost and just totally takes over, and once its connected to an internet connection, downloads just about every peace of malware/spyware it can..   Thanks-