Fighing spyware II: pmnlk.dll
My neighbours computer still had very bad response times.
Only in "safe mode with command prompt" it was usable.
Using autoruns (from sysinternals), I found that the computer added startup code to pmnlk.dll to the registry.
I was unable to delete this file, since it was always locked by some process. I was able to find this process using listdlls (thank you Sysinternals). This dll was loaded by winlogon.exe.
So I killed this program (using procexp) and then I was able to delete the pmnlk.dll file.
After that, I was able to run a anti-virus program normally, install Windows Defender, connect to the Internet and run Microsoft Update.
Comments: Een reactie plaatsen
Links to this post: