Reply to: Npaijcx.dll

Ah, the Andromeda Strain.

One day you aliens will learn that we humans don't need high tech weapons, we already have the biological ones.

In past have found things that can't be deleted have ownership set to some process, with legit stuff it's usually trustedinstaller. If log in as admin should be able to change that through file properties. Forget details but just fanny about, it's there somewhere.

In addition, my Win2k box has got

C:\winnt\system32\SFMKSJL.DLL

apparently.

In my dreams.

As I recall it was a case of installing each & every program one by one.

The esteemed Helldesk representative did something that got AVG to remove the dll.

Or at least, it appears to have removed it.

Now I've got A0000056.DLL being flagged instead.

Bartpe & stinger for all your virus doings.

You could also try the bootable kapersky rescue disk thingy.

Kaspersky Rescue Disk 10

Netscape plugins tend to be NP*.dll.

Process Explorer will tell you which process has which files open.

surely thats rm -rf /

Either way only if that dll is the root cause of the problem deleting it will solve the problem. If the real file is elsewhere it will simply reappear under another name.

Sadly the only way to really be sure of solving a trojan attack is to wipe the system and start again. Backup every file you need and proper to spend ages installing everything.

If your helldesk are not too useless they will probably have a base image that contains most of the programs you need.

Try booting from CD base Linux distro (e.g. Pated Magic); <hold-nose-mode>mount MS partition</hold-nose-mode> and have a play; I quite like the look of this command:

rm -rf

I'd also recommend trying something other than AVG to check your system is clean after managing to delete the dodgy dll. It could be that the real nasty on your system just keeps recreating the dll.

For free tools I ditched AVG some time ago in favour of Microsoft's Security Essentials. It seems to catch most problems before they have chance to get a hold of the system, when doing real time protection. Its library also usually gets updated several times per week as Windows Update is always pestering me to do an update for it.

If you trust HellDesk, let 'em at it.

If not, or it's your own machine, get a Linux Live CD (a bootable one) that supports NTFS and try deleting the file with that.

I've found the Linux Mint Live CD has the goodies to do this sort of stuff.

Putting the drive as a slave in another PC may work, if the file is being locked during boot up.

I remember having to sort something like this out some years ago. I think the solution I found was to use a utility that does a 'move on boot' so the file is not locked and can be deleted after startup.

AVG does bugger all even in safe mode.

EEK, have you got any ideas?

I was thinking of installing the disk as a slave & scanning it from another machine.

Or is that too simplistic?

No I haven't. Couldn't find it anywhere. Was just thinking about generic shit:ty dlls wot get themselves installed.