Re: can't get rid of worm
Originally posted here by mavax
4) I looked at hkey_local_machine\software\microsoft\windows\currentversion\run but found nothing suspicious, except maybe the 1st process, only because it has no description
yeah - well, some of that stuff doesn't always launch from that reg key. look @ the link!!
Re: Re: can't get rid of worm
Nice link you got there-
But I think Hijack This was updated to cover it? In fact I'm trying it right now and it looks like it picked up the registry areas that are covered in that link. Although- you're saying the link is about not using the registry to load services? Which one of us is confused? That whole article is entirely about the registry... Let me check again.
edit- from site
Knowing how to diagnose a service running as a malware is an important part of fighting spyware. As more and more spyware and viruses use this technique, the understanding of how services work and are configured in the Registry will make the difference between fixing a computer and not fixing it.
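An added example, not part of the original thread or the linked article: a PowerShell check that lists both autostart locations discussed above, the Run key mavax inspected and the auto-start services configured in the Registry, and sorts entries with no description to the top. It assumes the standard services key `HKLM:\SYSTEM\CurrentControlSet\Services`, which the thread does not name, and treats a missing description only as a reason to inspect the entry's command line.

```powershell
# Added example: enumerate autostart entries from the Run key and the Services key.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'   # assumed standard location

$entries = @()

# 1) Run key: every value is "name -> command line". These values carry no
#    description of their own; tools show the one from the target file.
$run = Get-Item -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($name in $run.GetValueNames()) {
        $entries += [pscustomobject]@{
            Source         = 'Run'
            Name           = $name
            Command        = $run.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            HasDescription = $false
        }
    }
}

# 2) Services key: one subkey per service or driver.
#    Start = 2 means automatic start; Type 0x10 / 0x20 marks a Win32 service
#    (own process / shared process), which excludes kernel drivers.
Get-ChildItem -Path $svcKey -ErrorAction SilentlyContinue | ForEach-Object {
    $start = $_.GetValue('Start')
    $type  = $_.GetValue('Type')
    if ($start -eq 2 -and ($type -band 0x30)) {
        $entries += [pscustomobject]@{
            Source         = 'Service'
            Name           = $_.PSChildName
            Command        = $_.GetValue('ImagePath', $null, 'DoNotExpandEnvironmentNames')
            HasDescription = [bool]$_.GetValue('Description')
        }
    }
}

# Entries without a description first, then by source and name.
$entries |
    Sort-Object HasDescription, Source, Name |
    Format-Table Source, Name, HasDescription, Command -AutoSize -Wrap
```

For each service near the top of the list, check where `Command` points and whether that file is one you expect to find on the machine.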