Woke up this morning to Prevx errors when booting up. It blocked c:\windows\system32\curslib.dll. Ran a full scan and it asked me to reboot. Problem still there when I booted up again. After other recent problems, I booted up on another clean disk and scanned that drive. Prevx found curslib.dll again. Since this was a free version of Prevx, I removed the file by hand. Booting up on the original drive, curslib is back. Something must be copying it into place upon bootup. I don't see anything in Start Menu/Programs/Startup, nor in msconfig/Startup.
He said that he is using the free version, which does not remove malware! The best thing to do is buy Prevx or try MBAM Free. TH Edit: I see that the first line sounds like he has the full version. Sorry!
Hmmm... And I mean that. I followed your advice, and Prevx came up all red (before doing any scanning). I briefly checked to see that curslib.dll hadn't reappeared yet. It hadn't. I let Prevx scan and it didn't find anything. I've booted back up normally and still don't see any problems. So things appear to be ok, but I don't have a comfortable feeling about it. I'd feel more comfortable if it found a problem and removed it. I'll stay booted on this (previously infected) drive and see if the cleansing sticks.
A real nasty: http://www.threatexpert.com/report.aspx?md5=c21a1c48552d4493103dae4e95e80660 If Prevx can't clean it, contact support, because Prevx guarantees clean-up!!! http://info.prevx.com/service.asp TH
I definitely recommend writing in to our tech support inbox, where our researchers will be able to sort out what is re-dropping the file and get your PC cleaned ASAP.
There's nothing more than what I wrote in this thread. However, I did keep one of those curslib.dll files on a thumb drive, just in case. Should I just send a message to tech support with a link to this thread?
You can if you wish - I suspect our researchers will be asking for scan logs to diagnose the issue as well, but let me know if you have any problems getting in touch.