It seems to me it can be impossible to remove?
You can't delete it, since it is running in winlogon.
You can't kill winlogon, since it crashes windows XP.
You can't tag it for delete on boot(with killbox), since it controls the registry, and can remove the "PendingRename..." entrys instantly.
You can't remove it from the registry because it just puts it self back in.
You might not even be able to delete it from the disk after using a set of bootdisks, since it just might rename itself on exit from windows, and renaming it self back to its "online-name" when it has been started.
I just don't see how it can be killed, if its malicious enough... Anyone?
This must be a serious flaw in Windows XP, and Microsoft should make an util to unregister dll's from winlogon.
duplicate post. Topic closed.
Edited by coachwife6, 30 April 2005 - 10:07 PM.