DLL Mystery

[Zonie]

Have a client with a Sony VAIO, XP, 1.5GHZ, 256MB Ram.
While cleaning the PC, found a virus called the Trojan Backdoor.BA: file name comcf.dll. The file is supposed to be located in C:\windows\system32. I have made sure that all protected files are not hidden in folder options and doing a search to search hidden files and folders. The problem is, I can not find this file to delete. Any google search on this file turns up nothing. Any suggestions would be greatly appreciated. TIA

[Archer]

Are you sure its not archived in the system restore backup?

[Zonie]

Are you sure its not archived in the system restore backup?

System Resotre has been turned off. One of my first rules since this harbors a lot of spyware and virus.

[Archer]

Troj/Bdoor-BA is a backdoor Trojan which is composed of three EXE files called DCC.EXE, IP98NET.EXE and RUNDLLS.EXE. When the Trojan is run, the executable files are dropped in the Windows folder. RUNDLLS.EXE may have the hidden file attribute set.


Troj/Bdoor-BA drops a file named DCC.PIF which runs the backdoor server program DCC.EXE. The Trojan adds an entry to the "run" section of WIN.INI to run IP98NET.EXE when Windows is started.

http://www.sophos.com/virusinfo/anal...ojbdoorba.html


Where did you get the reference to comcf.dll from??

[LaSERCHiPs]

Your AV probably clean it but it's still in the registry as active

open regedit and search for the DLL and delete it

[Zonie]

http://www.sophos.com/virusinfo/anal...ojbdoorba.html


Where did you get the reference to comcf.dll from??

The anti virus is showing this dll file as containing the virus.

[Zonie]

Your AV probably clean it but it's still in the registry as active

open regedit and search for the DLL and delete it

I will look, however every time I open IE I get a pop-up calling this file as containing the virus. It would somehow seem to me that IE is contaminated somehow.