I picked up the Trojan FBI Moneypak from from a web site and it had an interesting method of operating that SD and TeaTimer did not detect and did not prevent. I think, I was able to remove it, but not 100% sure. (I'll have a question later). I also have quarantined the executable part of it in case you would like to have a copy. First my system description; First I'm running Windows 2000 Sp-5 (it does everything I want it to do, and wife has Win-7 on her computer and I hate it) and I was using FireFox 12.0. Here what it did, the computer locked up with one browser window open (no menu controls visible, and even the keyboard controls were disabled) The mouse functioned. The page stated I was doing something illegal (downloading copyrighted mtl, or viewing porn of some kind) and the FBI had detected me, and was fining me, and that my computer would remain locked until I want to pay-pal and paid a fine. I tried to shut down the browser with Alt-F4 did not work, I tried to open the task manager to shut down FireFox, It opened for a second, and then shut down. At that point I just hit the reset button, removed the network cable and restarted. At restart browser tried to go to a web site but failed (no connection). I found 0_0u_l.exe in the temp folder of the local settings Folder. Could not delete, got the File in use message. I was able to rename it (0_0u_l.exe.vir). I restarted the computer and at boot up I received the message RUNDLL could not find 0_0u_l.exe. The computer is now acting normaly (I hope) I have run SD 1.6.0.30 with the current updates and nothing was detected, I also forced a SD scan of 0_0u_l.exe, and was informed "nothing found". I do understand that Win2000 is no longer supported. But Tea Timer usually prevents any changes to the registry. Now for my question: why did at boot up try to install itself with RUNDLL. Also Would you like a copy of 0_0u_l.exe.vir file.
Thank You