P
pOTRice
Sorry if this was dealt with recently but this is my first look at
this group.
Running WIn2000 on an Althlon 2000+
Free ZoneAlarm and AVG *Pro*
First symptom - ZoneAlarm squeeked about dfrgsrv.exe trying to go out
on the internet.
What's dfrgsvr I wondered - "svr" sounds dangerous (Defrag Server?)
I denied the access.
I found the file dfrgsvr.exe sitting in C:\WINNT\system32.
Ran Micro$oft AntiSpyware Beta 1 - it found Zlob indicated by a
Registry key
. .\Explorer\Run wininet.dll triggering (guess what?)
dfrgsvr.exe at startup.
This matches Micro$oft's notes about Zlob on their site.
No problem I thought - just let AntiSpy remove the key.
Too easy - in fact every attempt at even manually removing it fails -
it seems to be 'self-repairing'
The dfrgsvr.exe cannot be renamed or deleted - sharing violation -
presumable because it's running.
A request to AntiSpy to 'block' this item at start up is apparently
accepted and it shows an entry in its list as "blocked" but another
'live' entry reappears!
Running the latest Micro$oft Malware Removal Tool does *not* find it.
Run out of ideas!
Anybody killed this successfully?
this group.
Running WIn2000 on an Althlon 2000+
Free ZoneAlarm and AVG *Pro*
First symptom - ZoneAlarm squeeked about dfrgsrv.exe trying to go out
on the internet.
What's dfrgsvr I wondered - "svr" sounds dangerous (Defrag Server?)
I denied the access.
I found the file dfrgsvr.exe sitting in C:\WINNT\system32.
Ran Micro$oft AntiSpyware Beta 1 - it found Zlob indicated by a
Registry key
. .\Explorer\Run wininet.dll triggering (guess what?)
dfrgsvr.exe at startup.
This matches Micro$oft's notes about Zlob on their site.
No problem I thought - just let AntiSpy remove the key.
Too easy - in fact every attempt at even manually removing it fails -
it seems to be 'self-repairing'
The dfrgsvr.exe cannot be renamed or deleted - sharing violation -
presumable because it's running.
A request to AntiSpy to 'block' this item at start up is apparently
accepted and it shows an entry in its list as "blocked" but another
'live' entry reappears!
Running the latest Micro$oft Malware Removal Tool does *not* find it.
Run out of ideas!
Anybody killed this successfully?