
04.16.2008 at 09:16AM PDT, ID: 23327820

Help with AutoSpySpider infection. Single DLL remains.

Asked by rubiconx in Spyware / Ad Blockers, Networking Security Vulnerabilities, Windows XP Operating System

Tags: AntiSpySpider, Spyware, Trying to work out the DLL that Rundll32 is attached to...maybe

One of my clients has been infected with the AntiSpySpider Rogue software on an XP Pro PC.  Unfortunately, before I was called in they tried to remove it themselves. The end result is that all of the program has been removed bar one item.  I believe the item is a DLL.  I'm not (usually) stupid and I have tried running various scans and diagnostics, but I can't identify the file.  The only clue I have is that when I view the task manager there is a process running called RUNDLL32 (yes I know what this is for but it doesn't normally show up in the task manager).  When the computer is initially booted, after a few minutes the Rogue software kicks in and starts displaying the AntiSpySpider webpage.  As time goes by this page is displayed more and more frequently.  However, if I kill the RUNDLL32 task then the pages stop displaying until the next reboot.

Obviously, there is a DLL being run somewhere but I can't find it!

So, my questions are...
1) Does anyone know what this DLL is and where I am likely to find it? (No there are no references to AntiSpySpider anywhere on the PC now)
2) Is there a process or utility that allows me to see what DLL the RUNDLL32 process is tied to?

Thanks in advance...
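Added example, not part of the original post: question 2 comes down to reading the command line of the running rundll32.exe process, because the DLL and its entry point are passed as arguments. The Python below parses such command lines (as listed by, for example, `wmic process where "name='rundll32.exe'" get ProcessId,CommandLine`) and flags DLLs outside the system directory; the sample rows, paths and function names are constructed for illustration.

```python
import ntpath
import re

# Matches: [path\]rundll32[.exe] <dll>,<entry point> [args]; the DLL may be quoted.
RUNDLL_RE = re.compile(
    r'^\s*"?[^"]*?rundll32(?:\.exe)?"?\s+'
    r'(?:"(?P<quoted>[^"]+)"|(?P<bare>[^\s,"]+))'
    r'\s*,\s*(?P<entry>[^\s]+)',
    re.IGNORECASE,
)

def parse_rundll32(cmdline):
    """Return (dll_path, entry_point) from a rundll32 command line, or None."""
    m = RUNDLL_RE.match(cmdline)
    if not m:
        return None
    return (m.group("quoted") or m.group("bare"), m.group("entry"))

def triage(processes, system_dir=r"C:\WINDOWS\system32"):
    """Classify each rundll32 process by where its hosted DLL lives."""
    sysdir = ntpath.normcase(system_dir)
    report = []
    for pid, cmdline in processes:
        parsed = parse_rundll32(cmdline)
        if parsed is None:
            report.append((pid, None, None, "unparsed"))
            continue
        dll, entry = parsed
        folder = ntpath.normcase(ntpath.dirname(dll))
        if not folder:
            status = "bare-name"       # resolved by DLL search order; check by hand
        elif folder == sysdir:
            status = "system"
        else:
            status = "outside-system"  # the one to inspect first
        report.append((pid, dll, entry, status))
    return report

# Constructed sample: (PID, CommandLine) pairs as a process listing would show them.
SAMPLE = [
    (1432, r'rundll32.exe shell32.dll,Control_RunDLL desk.cpl'),
    (2040, r'"C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\shell32.dll,Control_RunDLL'),
    (3116, r'C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\user\Local Settings\Temp\example.dll",Start'),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

The status is a triage hint only: a DLL inside the system directory can still be unwanted, so check its file date, version information and signature before trusting it.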
About this solution

Solution Provided By: Jonvee
Participating Experts: 3
Solution Grade: A
 
 