Hello. My second computer has been infected with a "Win32/Kryptik.DOX". My Nod32 keeps blocking the file ljggde.dll (which is located in Windows/System32). Nod32 deletes the file, but the file gets recopied there by something (And Nod32 deletes it again).
I restarted my PC on safemode. deleting some EXE on my temp folder that Nod32 said was infected. Deleted the ljggde.dll/fccaby.dll, Opened up Regedit and searched for ljggde.dll .
"There you are" I said, Seeing it at the "Run" folder. I deleted it... and what the heck? it pops back in with a new name, same values! I quickly opened up task manager, Thinking its somehow managed to run on safemode, didn't see anything suspicious. How the heck can it change my registry on safemode like that?
Nod32 keeps saying I need to reboot to completely remove it (but it doesn't help) .
System restore is turned off.
I restarted my PC on safemode. deleting some EXE on my temp folder that Nod32 said was infected. Deleted the ljggde.dll/fccaby.dll, Opened up Regedit and searched for ljggde.dll .
"There you are" I said, Seeing it at the "Run" folder. I deleted it... and what the heck? it pops back in with a new name, same values! I quickly opened up task manager, Thinking its somehow managed to run on safemode, didn't see anything suspicious. How the heck can it change my registry on safemode like that?
Nod32 keeps saying I need to reboot to completely remove it (but it doesn't help) .
System restore is turned off.
/www.malwarebytes.org/
Facebook
Twitter