Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

General question: How to kill a O20?

Started by stroyer , Apr 30 2005 02:33 AM

This topic is locked

#1
stroyer

Posted 30 April 2005 - 02:33 AM

New Member

Member
5 posts

Perhaps someone can tell me in general what to do, when a malicious dll is being started in winlogon...

It seems to me it can be impossible to remove?

You can't delete it, since it is running in winlogon.
You can't kill winlogon, since it crashes windows XP.
You can't tag it for delete on boot(with killbox), since it controls the registry, and can remove the "PendingRename..." entrys instantly.
You can't remove it from the registry because it just puts it self back in.
You might not even be able to delete it from the disk after using a set of bootdisks, since it just might rename itself on exit from windows, and renaming it self back to its "online-name" when it has been started.

I just don't see how it can be killed, if its malicious enough... Anyone?

This must be a serious flaw in Windows XP, and Microsoft should make an util to unregister dll's from winlogon.

duplicate post. Topic closed.

Edited by coachwife6, 30 April 2005 - 10:07 PM.