Don't Back Down

Posted by Chad Everett on May 20, 2005

A Couple Killer Utilities

In fighting a particularly nasty trojan, dubbed something like TROJ_DLOADER in a number of instances, I came across the need for two utilities.

The first is called StartupList, and gives you a list of everything that happens during startup. In this case, the startup of Explorer (and by extension, Internet Explorer) was the winner, where an "enumerating helper object" loaded a suspicious DLL every time a window was opened.

Once the file was found, I needed a copy of MoveOnBoot, which allows the copy/move/rename/delete of a file that is used by Windows at boot time - before the object is in use. Simply select the object found in the prior step, select to move it and/or delete it, and restart. Problem solved.

StartupList actually provides a GUID as well, which you can use to search your registry if you'd like to get rid of all traces of the Trojan. Anti-spyware software, such as that from Webroot, can also help with this - though it cannot actually remove the file, so you need to have that done first.
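
The GUID-to-DLL lookup described above can also be done from PowerShell. This is an added example, not code from the original post or from StartupList; it assumes the "helper object" entries are Internet Explorer Browser Helper Objects registered in the standard locations, and the function name `Get-BhoEntry` is hypothetical.

```powershell
# Added example (not from the original post): map each Browser Helper Object
# GUID to the DLL it loads. Read-only; makes no changes to the registry or disk.
function Get-BhoEntry {
    # Native and 32-bit-on-64-bit views of the BHO list and of COM registrations.
    $views = @(
        @{ Name  = 'native'
           Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'Registry::HKEY_CLASSES_ROOT\CLSID' },
        @{ Name  = 'WOW64'
           Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID' }
    )
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
            $guid   = $key.PSChildName          # subkey name is the object's GUID
            $inproc = '{0}\{1}\InprocServer32' -f $view.Clsid, $guid
            $dll    = $null
            if (Test-Path -LiteralPath $inproc) {
                # GetValue('') reads the key's default value and expands %VARS%.
                $dll = ([string](Get-Item -LiteralPath $inproc).GetValue('')).Trim('"')
            }
            # A GUID with no DLL on disk is a leftover registration worth cleaning up.
            $onDisk = [bool]$dll -and (Test-Path -LiteralPath $dll -PathType Leaf)
            $sig = if ($onDisk) { (Get-AuthenticodeSignature -LiteralPath $dll).Status } else { 'n/a' }
            [pscustomobject]@{
                Guid      = $guid
                View      = $view.Name
                Dll       = $dll
                OnDisk    = $onDisk
                Signature = $sig
                Modified  = if ($onDisk) { (Get-Item -LiteralPath $dll -Force).LastWriteTime }
            }
        }
    }
}

# Entries without a valid signature (or with no file on disk) sort first.
Get-BhoEntry | Sort-Object { $_.Signature -eq 'Valid' }, Guid | Format-Table -AutoSize
```

The `Guid` column is the value to search the registry for; the signature status is only a triage hint, since legitimate helper objects can be unsigned.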

Comments (2)

Cool, where can I find this StartupList app?

I don't know if they are the authors, but you can find it at Merijn. If that doesn't work for some reason, try Google - lots of places to download it.