explorer.exe loading virus
Posted on 2009-03-30
One of my workstations seems to have caught a virus that Malwarebytes will not detect. The virus created a registry key called unokukowo and then it loads a dll that has a randomly generated name, IE: uwodaribiy.dll . When I run hijack this is the entry it creates:
O4 - HKLM\..\Run: [Unokukowo] rundll32.exe "C:\WINDOWS\uwodaribiy.dll",e
When I delete this DLL it comes back on reboot using a different name. using process explorer the file seems to be getting created by explorer.exe. Is there some way for me to see what explorer.exe is set up to load? Does anyone have an idea how to remove this virus short of reformatting the drive? It seems to spawn random pop ups while using internet explorer. Thanks.