Hi Whiz,
Sorry, you've got one of the latest variants, or a very old one. What I was looking for in the above strings was a file name just after fùAppInit_DLLsÖ. This doesn't show. We may be very lucky and it is one of the older variants, so here's the fix for the old one... (C&P...)
Please go here and download, unzip and then open CoolWebShredder. Then click on the Updates button and follow the prompts. Next, run the program by clicking on the Fix-> button.
CWS installs via the byte verifier exploit in M$ JavaVM, so just surfing a page with an infected applet can install it with no user participation. So once you’ve run the above, it is vital that you go here, click Scan for updates in the main frame, and download and install all CRITICAL updates recommended.
If that doesn't work, there's no practical way to fix it here, and you'll need to go to one of the security forums. At the moment, all the latest development work for fixing this is being done behind the scenes over at ComputerCops. The link takes you straight to the right board, and it's free to register and use.
Cheers
Liam