We have now pinpointed the solution. My friend spike has found 2 files, mci32.dll and mci32.exe, in his c:\windows directory. Also, it was my friend Shaun who found the same exact thing. When trying to delete these files it gave an error saying that the file winlogon.exe was using those files. Luckily I do not have these files. It does not embed itself in the MBR, which is a good thing. You can use a program called Killbox to remove it. I recommend replacing your winlogon.exe with a clean one and then reboot, and delete the 2 files mentioned above. Also, what this does is have the svchost.exe run as administrator, which it should not do. I did a little googling on these and found this is actually spyware. If it is related to this virus or spyware then it is written in VB. It does not make entries to the registry. Here are the file sizes:
mci32.exe 9,215 bytes under c:\windows\config
mci32.dll is 0 bytes
thanks for the info
Hi,
Makes sense, those are likely our files, although that VB part, that's false. You tried to delete it and it somehow embedded itself, just like the WinLogon Notification Package, what Victim uses, I am NOT saying it is tyler or victim related. So why is it not going away on tristan's computer? It's Winlogon and some DLLs, they should go away. Interesting... It might be possible, I remember reading about a program killer, that destroys any program you want it to, so if I find that, we can say bye to mci32!
Also, the first poster said to replace your winlogon with a clean one, how do you do that?