Not sure if I missed it, but how did you uncover this file in the first place? Just by checking the running processes?
Either way, adding to what Und3ertak3r was saying:
There are a few useful utilities out there for cleaning up the registry should you find some unwanted entries.When a remote scanning technique is used the "Cloaking" is ineffective.. then all you need is to be able to identify the files..
NEXT.. you need a Registry Scanner.. to get the troublesome Keys removed.. like the keys that prompt your boxen to auto download a new version of the rootkit..nice huh
THEN.. the clean up.. remove the files mentioned earlier.. Windows/temp, doc&settings/user/localsettings/temp and temp internet.. not forgetting windows/prefetch
RegClean4.3 - Easy to read GUI, very easy to use program which displays reg keys for installed software...whether new or old and allows for effortless cleanup/removal of reg keys.
and in case you stumble across any reg entries that prove to be stubborn in deleting
check out a few of Sysinternals reg tools:
Rootkit Revealer - Good for locating hidden reg keys... usually registry keys that contain embedded-null characters.
These keys sometimes will not let you manually delete them, Sysinternals has another handy tool for removing those reg keys called REGDELNULL
Good luck!
Reply With Quote