Are you the author of the original post ? If not, please respond to the
original thread or the Subject of the thread so that someone can assist.
This behavior is seen when there is thread injection into the winlogon
and can only be removed by using ProcessExplorerNT to kill that thread
prior to deleting the .dll file.
How this is done is explained here for the :
Trojan.Vundo.B / Search42.com / MSevent / Req.dat Redirector http://www.bleepingcomputer.com/for...TrojanVundoB_Search42com_MSevents-t18610.html
Steve Wechsler (akaMowGreen)
MS-MVP 2003-2005
===============
*-343-* FDNY
Never Forgotten
===============
