Quote:
|
Originally Posted by Zetch
I recently aquired a set of .dll files called "cassandra" and distributed by melkosoft corporation. There are three currently, but they change their file names pretty often. They are always in the win/sys32 folder. So far they are acting like a browser hijacker but they are impervious to all spyware removers. My antivirus detects them but cannot delete them. I have tried to delete them manually in regular mode, in safe mode, in regedit, in dos, I have tried system restore (says cannot restore), and I have tried changing security settings through safe mode to allow full access to the files. Nothing has worked. I just want to know how I can delete these files. I keep getting the message "Access denied, cannot read from source file or disk. Make sure the file is not in use." These files seem to block my program "Wholockme" which usually tells me what process has locked a file, so it isn't even working. Any help would be greatly appreciated.
Dan hatch
Zetch131411@hotmail.com |
There is one dll file that acts a temporary file and it seems to keep track of all the other ones, this file seems to be somthing like this "as23hn4j5hbbaggejk.dll.dll.dll.dll". If you rename a dll it will re-create itself with a different name.
In order to get rid of the dll files from Melkosoft's Cassandra you must enter the System recovery console, browse to the system32 folder using c:>cd c:\windows\system32 (c:>cd c:\winnt\system32 for Win2k) and use C:\windows\system32\>dir to see the files names and then use c:\windows\system32\>delete fileName.dll to delete the files.
To enter the SRC use the Win20 or WinXP disk and choose "System Recovery Console. If you can not get a hold of a Windows disk, try removing the drive and setting it as a slave in another computer, browse to (I will use X as the drive letter, however, the drive letter wil depend of your system) X:\Windows\system32\ and delete the files.
Good Luck