.comment-link {margin-left:.6em;}
Gert .Net
Fighing spyware II: pmnlk.dll
My neighbours computer still had very bad response times.

Only in "safe mode with command prompt" it was usable.

Using autoruns (from sysinternals), I found that the computer added startup code to pmnlk.dll to the registry.

I was unable to delete this file, since it was always locked by some process. I was able to find this process using listdlls (thank you Sysinternals). This dll was loaded by winlogon.exe.

So I killed this program (using procexp) and then I was able to delete the pmnlk.dll file.

After that, I was able to run a anti-virus program normally, install Windows Defender, connect to the Internet and run Microsoft Update.
Comments: Een reactie plaatsen

Links to this post:

Een koppeling maken

Powered by Blogger