-
December 21st, 2004, 09:08 AM
#1
Registered User
DLL Mystery
Have a client with a Sony VAIO, XP, 1.5GHZ, 256MB Ram.
While cleaning the PC, found a virus called the Trojan Backdoor.BA: file name comcf.dll. The file is supposed to be located in C:\windows\system32. I have made sure that all protected files are not hidden in folder options and doing a search to search hidden files and folders. The problem is, I can not find this file to delete. Any google search on this file turns up nothing. Any suggestions would be greatly appreciated. TIA
-
December 21st, 2004, 09:26 AM
#2
Registered User
Are you sure its not archived in the system restore backup?
-
December 21st, 2004, 09:40 AM
#3
Registered User
Originally Posted by Archer
Are you sure its not archived in the system restore backup?
System Resotre has been turned off. One of my first rules since this harbors a lot of spyware and virus.
-
December 21st, 2004, 10:25 AM
#4
Registered User
Troj/Bdoor-BA is a backdoor Trojan which is composed of three EXE files called DCC.EXE, IP98NET.EXE and RUNDLLS.EXE. When the Trojan is run, the executable files are dropped in the Windows folder. RUNDLLS.EXE may have the hidden file attribute set.
Troj/Bdoor-BA drops a file named DCC.PIF which runs the backdoor server program DCC.EXE. The Trojan adds an entry to the "run" section of WIN.INI to run IP98NET.EXE when Windows is started.
http://www.sophos.com/virusinfo/anal...ojbdoorba.html
Where did you get the reference to comcf.dll from??
-
December 21st, 2004, 12:16 PM
#5
Registered User
Your AV probably clean it but it's still in the registry as active
open regedit and search for the DLL and delete it
-
December 21st, 2004, 04:23 PM
#6
Registered User
Originally Posted by Archer
The anti virus is showing this dll file as containing the virus.
-
December 21st, 2004, 04:25 PM
#7
Registered User
Originally Posted by LaSERCHiPs
Your AV probably clean it but it's still in the registry as active
open regedit and search for the DLL and delete it
I will look, however every time I open IE I get a pop-up calling this file as containing the virus. It would somehow seem to me that IE is contaminated somehow.
Similar Threads
-
By Pluto in forum Windows 95/98/98SE/ME
Replies: 2
Last Post: May 24th, 2001, 05:42 AM
-
By Cable Modem Tech in forum Windows 95/98/98SE/ME
Replies: 2
Last Post: April 29th, 2001, 10:32 PM
-
By TobyTuck in forum Tech Lounge & Tales
Replies: 2
Last Post: April 13th, 2001, 09:46 AM
-
By dewaaz in forum Tech-To-Tech
Replies: 2
Last Post: January 20th, 2001, 02:00 AM
-
By KoLoSoTx in forum Windows 95/98/98SE/ME
Replies: 1
Last Post: May 16th, 2000, 03:57 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Bookmarks