Antimalware Doctor infected me the other day. Thought I'd gotten rid of all its parts. But I noticed my Firefox browser seemed to bring back a blank screen occasionally and say "Done" in the status bar. Struck me as odd behavior.
So I went trolling around looking for modules that had a "Date Modified" date and time matching my infection date and time.
I found some things in C:\Windows\System32 that seem related by that date and time. However... if I rename jrpkid.dll... can't even ping www.google.com. Rename it back, and it works...
Thing is, the Properties > Details doesn't list it as Microsoft...
and... jrpkid shows up in the Registry in the Protocol_Catalog9 entries in several of the numbered entries as some sort of protocol.
Leads me to believe I've still got some corrupted protocol code running, but don't know what to do about it.
I figure I'm probably being monitored for financial data or something of the like.
Any thoughts? Know fixes?
Searches on jrpkid find literally nothing.
Some of the other .dlls are:
Process explorer definitely shows various Windows programs using some of these DLLs.
At present I've renamed them all but jrpkid.dll since it seems critical at the moment for getting onto the 'net.
I guess I'll wipe the rest out over time if I don't see any adverse effects, but that still leaves jrpkid.dll in there doing something... something that even prevents the ping command from working when it is renamed. (!!!)
Edited by hamluis, 03 September 2010 - 10:15 AM.
Moved from Vista to Am I Infected forum ~ Hamluis.
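
An added example, not part of the original post: Protocol_Catalog9 is the Winsock provider catalog, and this Python code lists which DLL each catalog entry loads so that unexpected providers stand out. The blob layout, the `EXPECTED` allowlist, the helper names and the sample entries are assumptions constructed for illustration.

```python
import ntpath
import struct

# Assumed PackedCatalogItem layout (the registry format is not officially
# documented): char Path[260], then WSAPROTOCOL_INFOW. ChainLen 1 = base
# provider, 0 = layered provider, >1 = protocol chain.
PATH_LEN = 260
CHAIN_LEN_OFFSET = PATH_LEN + 40  # 5 flag DWORDs + provider GUID + entry id
EXPECTED = {"mswsock.dll"}        # assumption: extend for your Windows build

def parse_item(blob):
    """Return (dll_path, chain_len) from one PackedCatalogItem blob."""
    path = blob[:PATH_LEN].split(b"\x00", 1)[0].decode("ascii", "replace")
    (chain_len,) = struct.unpack_from("<i", blob, CHAIN_LEN_OFFSET)
    return path, chain_len

def audit(entries):
    """entries maps entry name -> blob; list providers not in EXPECTED."""
    findings = []
    for name, blob in sorted(entries.items()):
        path, chain_len = parse_item(blob)
        if ntpath.basename(path).lower() not in EXPECTED:
            findings.append((name, path, chain_len))
    return findings

def read_live_catalog():
    """Read the real catalog from the registry (Windows only)."""
    import winreg
    key = (r"SYSTEM\CurrentControlSet\Services\WinSock2\Parameters"
           r"\Protocol_Catalog9\Catalog_Entries")
    entries = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            name = winreg.EnumKey(root, i)
            with winreg.OpenKey(root, name) as sub:
                entries[name] = winreg.QueryValueEx(sub, "PackedCatalogItem")[0]
    return entries

def _sample(path, chain_len):
    return struct.pack("<260s40xi28x", path.encode("ascii"), chain_len)

# Constructed sample catalog, not data from the poster's machine.
SAMPLE = {
    "000000000001": _sample(r"%SystemRoot%\System32\jrpkid.dll", 2),
    "000000000002": _sample(r"%SystemRoot%\system32\mswsock.dll", 1),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):   # on Windows: audit(read_live_catalog())
        print(*finding)
```

Renaming or deleting a DLL that the catalog still references breaks networking, which matches the ping failure described in the post. `netsh winsock reset` rebuilds the catalog with the default providers.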