AiSetupc.dll Anyone seen this?


1 reply to this topic

#1 seanogee


Posted 27 May 2004 - 01:29 PM

Hi folks,
I was working on a computer on our network Friday that had some major problems. After booting Windows 2K, Winlogon.exe would crash within 15 to 60 seconds and restart the computer (no options). I removed a considerable amount of spyware, cleaned the BHOs and the LSPs. Removed almost everything from startup, to no avail. TargetSoft had Windows by the short ones. I finally got rid of TargetSoft (which had a huge number of entries) and then the shutdowns started again. I tracked the owner of the process to AiSetupc.dll, which was deeply hidden. It was taking Winlogon hostage from the start and attempting to reach a computer through an ISP in San Antonio (69.20.20.161). When I blocked it, it set up listening on about 40 ports and consumed all the memory and CPU cycles. It was so firmly embedded in Winlogon that I had to boot to a CD and go into the console to delete it.
I haven't been able to find anything on this particular file. There are plenty of responses to AiSetup, but not AiSetupC. Has anyone run into this piece of crap? And do you know whose file it is? I suspect TargetSoft, but I can't be sure.

Seanogee

#2 seanogee


Posted 29 May 2004 - 08:50 AM

I found the culprit for this.
Look2Me uses the address 69.20.20.161 to connect to. The files can vary and it also attaches itself to Explorer.exe. There is a script that will get rid of it, but in most cases you will have to do it from the recovery console. Www.pchell.com is a good resource for removals and in their support section they have directions for removing Look2Me.

Seanogee



