remove the 2chkdsk virus/spyware/malware

I've named it the 2chkdsk as it's the word i get most info when searching google.

it's pretty easy to spot.. but rather difficult to remove. It has busted my brains for a while.

I'll try to describe the steps as easy as possible and I believe not everyone will follow. It's a rather 'primitive' way of doing so.

The virus itself replicates through dll files that attach to explorer.exe or iexplore.exe... so making it difficult to delete (as file is locked). i do have a copy inf unlocker assistant which allows you to 'unlock' files and kill processess (useful for deleting jammed files).

to find out dll files, run msconfig and recognise the rundll which will tell you the dll to delete. you will be able to delete this one.,, but on every restart.. a new one will appear.

to find the root dll files... i did run hijackthis and did discover which ones. also discovered it 'leeches' onto winlogon.

to delete the source files, remove all cookies and temp folders (manually). locate from %systemroot%\system32\ the dll's. they are hidden.. so will be easy to locate and have a generic name which stand out from other dll's.

mine were: ljjkigh.dll, ddcyw.dll, gebywwx.dll. these were all hidden dll's.

if oyu boot from safe mode.. you will still not be able to delete these as they are 'leeched' onto winlogon, explorer and maybe another app.. so... this is the killer:

remove the hhd and connect to another computer. simply navigate into system32 foilder and process to delete all the hidden dll's.
of course you will need to enable viewing hidden files and folders.

easy peasy japanese...

run hijack this and regedit following to the RUN key to find out 2chkdsk is no longer loaded. whit hijack this.. clean up the unnecessary keys (file not found) and clean up.
\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run