Wednesday, November 18, 2009

Remove a dll attached to WinLogon

From this thread, the best answer given was essentially to remove inheritance and all permissions to the file, then reboot, then delete the file. (Mitigating factor: if it self-heals permissions).

The next best answer was to boot from an XP CD in System Recovery mode.

The third best answer (from *MY* point of view, because it *is* that simple) is to boot from a LiveCD, mount the file system as writeable and delete the file. The down side is a *possibility* of messing up NTFS file systems, but IMO that is not a huge risk.

I had to do this to fix an m.exe autorun.inf USB dropper that had a dll that stuck to winlogon notify.

