You helped last night fix my dorkodrom problem. I ran housecall last night and there is one more virus. On my computer, it is called child.dll located in my system 32 folder. I could not delete it and I could not find it in my task manager. Then, I ran my computer in safe mode and I can't delete this virus. Please help me get rid of it.
Dan
06/15/04
Here is what Mcafee says when I try to delete it.. "the file c:/windows/system32/child.dll is infected byt the downloader-gs trojan and cannot be cleaned"
They recommend I restart my computer and use a rescue disk to clean the infection. What is a Rescue disk??
ed
06/15/04
a rescue disc is a boot disc that mcafee will have you create incase windows doesnt start.
from trend
1. Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter.
2. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>CLASSES>CLSID>
3F143C3A-1457-6CCA-03A7-7AA23B61E40F>InProcServer32> “%System%\ child.dll”
3. In the right panel, locate and delete the entry or entries:
%System%\ child.dll
Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 95, 98 and ME, C:\WINNT\System32 on Windows NT and 2000, and C:\Windows\System32 on Windows XP.
If you cannot delete CHILD.DLL, terminate the RUNDLL32.EXE process first.
4. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>CLASSES>CLSID>
3F143C3A-1457-6CCA-03A7-7AA23B61E40F>
InProcServer32>ThreadingModel
5. In the right panel, locate and delete the entry or entries:
“Apartment”
6. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>
CurrentVersion>ShellServiceObjectDelayLoad>
OLE Automation Module
7. In the right panel, locate and delete the entry or entries: “{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}”
8. Close Registry Editor.
Dan
06/16/04
Thanks Ed. I will try this tonight and give you an update.
Dan
06/17/04
Ed,
I could not find CLSID when I looked under CLASSES. Maybe I am doing something wrong. Let me know. By the way, thanks for all your help.
Ryan ryanvkeeping@hotmail.com
07/12/04
Hey I'm sharing the same problem here.
I've followed your directory map but I can't find 3F143C3A-1457-6CCA-03A7-7AA23B61E40F under the HKEY_LOCAL_MACHINE>Software>CLASSES>CLSID> address.
I did find the sequence 3F143C3A-1457-6CCA-03A7-7AA23B61E40F
under HKEY_CLASSES_ROOT>CLSID>3F143C3A-1457-6CCA-03A7-7AA23B61E40F; but it is an empty folder.
Again under HKEY_CURRENT_USER>SOFTWARE>CLASSES>CLSID>3F143C3A-1457-6CCA-03A7-7AA23B61E40F
But again, an empty folder
Don't really know where to go from here, any help would be great.
P.S. I keep getting the same error message over and over again.
ERROR LOADING C:\PROGRA~1\INTERN~2\inetkw.dll
The specified module could not be found.
its driving me nuts !
Thanks in advance.
