Re: shell.dll file
From: Joe Blow (none_at_none.com)
Date: 06/29/04
- Next message: Hilary Karp: "Re: yahoo messenger"
- Previous message: Billly: "Re: kazaa lite connection problem in xp"
- In reply to: Malke: "Re: shell.dll file"
Date: Tue, 29 Jun 2004 14:24:50 -0700
I have tried removing CoolWeb from my system but this still didn't
help me. And I have the same problem as Charles. I have been scouring
the web and newsgroups for a solution and still haven't found one.
This issue seems to be happening to A LOT of people too. I'm surprised
I haven't found an answer yet.
On Tue, 29 Jun 2004 12:57:56 -0700, Malke <malke@nospoonnotreally.com>
wrote:
>Charles wrote:
>
>> I came up with a missing "shell.dll" file when trying to
>> use a business program (metroscan for windows).
>>
>> I found the file on c drive, copied it, opened windows
>> system 32, and pasted it there. The program then will
>> open. The problem is that "shell.dll" will not stay in
>> the system 32 folder and I have to do all of the above
>> over again. What does it take to keep the file saved in
>> the system 32 folder?
>>
>> Thanks!
>> Charles
>
>
>An interesting thing was found by another poster, Joe Parish. Here's a
>bit of his post:
>
>".. concrete difference I've been able to find is a service with a
>display name of "Network Security Service" called "__NS_SERVICE_3". I
>only have before logs on 8 other machines. Out of all 10 machines 7
>have that service, named "__NS_SERVICE", "__NS_SERVICE_2", or
>"__NS_SERVICE_3" with what appears to be a randomly named EXE in
>c:\windows\system32. Right now it's the only real good lead I've seen.
>Trendmicro calls it TROJ_AGENT.Z2, but the tech details make no mention
>of shell.dll. I've done a bit of digging, but not come up with anything
>else to tie any TROJ_AGENT variants to this problem."
>
>Apparently this service is coming from the CoolWeb Search malware, which
>makes itself into this service. This explains why we've been seeing a
>rash of "shell.dll missing" posts in the newsgroup lately. So I'd
>disable the service in Safe Mode and do all the "normal" spyware
>removal steps (which are getting longer and more complicated):
>
>Remove spyware with Spybot Search & Destroy from
>www.safer-networking.org and Ad-aware from www.lavasoftusa.com. Be sure
>to update these programs before running them. These programs are free,
>so run them both since they complement each other. It is best to run
>antivirus and spyware removal tools in Safe Mode. You may also need to
>run CWShredder and HijackThis from
>http://www.spywareinfo.com/~merijn/index.html.
>
>Please read the instructions carefully and do not post your HijackThis
>log in this newsgroup. A great resource for dealing with spyware is the
>forum on http://www.spywareinfo.com and the forums on www.aumha.org.
>Also, make sure you've visited Windows Update and applied all security
>patches. Make sure you are running a firewall and a current antivirus
>with updated definitions.
>
>
>Malke
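
The service names and display name quoted in the message above can be checked against an exported service list. The following is an added example, not part of the original thread; the CSV layout (Name, DisplayName, PathName), the sample rows, and matching any numeric suffix after __NS_SERVICE are assumptions.

```python
import csv
import io
import re
from ntpath import basename, dirname, normcase

# Names quoted in the thread: __NS_SERVICE, __NS_SERVICE_2, __NS_SERVICE_3.
# Accepting any numeric suffix is a generalization, not stated in the thread.
NAME_RE = re.compile(r"^__NS_SERVICE(_\d+)?$", re.IGNORECASE)
DISPLAY_NAME = "network security service"
SYSTEM32 = normcase(r"c:\windows\system32")

# Constructed sample export (assumed columns: Name, DisplayName, PathName).
SAMPLE = r"""Name,DisplayName,PathName
Dhcp,DHCP Client,C:\WINDOWS\system32\svchost.exe -k netsvcs
__NS_SERVICE_3,Network Security Service,C:\WINDOWS\system32\qxzkvb.exe
Spooler,Print Spooler,C:\WINDOWS\system32\spoolsv.exe
__ns_service,Some Other Name,"C:\WINDOWS\system32\abc123.exe"
"""


def image_path(path_name):
    """Return the executable path from a service command line."""
    p = path_name.strip()
    if p.startswith('"'):
        return p[1:].split('"', 1)[0]
    return p.split(" ", 1)[0]  # assumes an unquoted path has no spaces


def suspicious_services(csv_text):
    """Flag rows whose service name or display name matches the thread's lead."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = []
        if NAME_RE.match(row["Name"].strip()):
            reasons.append("service name")
        if row["DisplayName"].strip().lower() == DISPLAY_NAME:
            reasons.append("display name")
        if reasons:
            exe = image_path(row["PathName"])
            hits.append({
                "name": row["Name"],
                "exe": basename(exe),
                # The thread reports the EXE sitting directly in system32.
                "in_system32": normcase(dirname(exe)) == SYSTEM32,
                "reasons": reasons,
            })
    return hits


if __name__ == "__main__":
    for hit in suspicious_services(SAMPLE):
        print(hit)
```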