Educause Security Discussion mailing list archives

Re: kraes.dll


From: Clyde Hoadley <hoadleyc () MSCD EDU>
Date: Wed, 21 Jul 2004 14:43:56 -0600

I don't know how much help this will be, but here
is my 2C worth.  I couldn't find any info
on that dll either.  I also looked for it on both
my W2K and my XP computers - it isn't there.

Have you tried examining it with a HEX editor or
running "strings" (a unix command) on it?

You may need to disable System Restore to get rid of it.

I copied this out of our current clean up procedure:

4) Disable System Restore (XP only) [you must be Administrator]
   ^^^ this is very important to do.

     a) Click Start > Programs > Accessories > Windows Explorer
     b) Right-click My Computer, and then click Properties.
     c) Click the System Restore tab.
     d) Check the "Turn off System Restore" or "Turn off System
        Restore on all drives" check box
     e) Click Apply
     f) Click Yes to remove all restore points
     g) Click OK


--
Clyde Hoadley, CISSP
Security & Disaster Recovery Coordinator
Department of Information Technology
Metropolitan State College of Denver
hoadleyc () mscd edu (MSCD business only)
hoadleyc () viawest net (NON-mscd only)
http://clem.mscd.edu/%7Ehoadleyc/
(303) 556-5074

Edward Chase wrote:

I'm looking for information on a file named:

c:\windows\kraes.dll

I've run across a machine that's got some internet weirdness going on.  It's
been virus checked, it's been run through Ad-aware and Spybot.  It's been
Windows updated and it's been firewalled.  All have been done AFTER the
weirdness started.

The machine keeps wanting to set its homepage to res://kraes.dll/index.html
(followed by ? and some number which I forget)

I did find the file above and manually deleted it, yet it somehow came back.

The machine is Windows XP Home.

I can't find anything via Google.

Anybody heard of this?



**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
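
The "strings" check suggested in the reply above, as an added example that is not part of the original thread: GNU strings looks only for single-byte ASCII runs by default, while Windows binaries often store text as UTF-16LE, so this sketch extracts both and flags the strings that matter when a DLL is tied to a homepage change. The sample bytes, the file name sample.dll and the pattern list are constructed assumptions, not contents of the file discussed here.

```python
import re
import sys

MIN_LEN = 5  # shortest run reported, a little above the strings default of 4

# Printable ASCII runs, and the same characters stored as UTF-16LE
# (each byte followed by 0x00), which Windows binaries commonly use.
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# Assumed triage patterns: resource/web URLs, other binaries, and the
# registry names commonly involved in homepage and autostart changes.
INTERESTING = re.compile(
    r"(res://|https?://|\.dll\b|\.exe\b|Start Page|CurrentVersion\\Run)",
    re.IGNORECASE)

def extract_strings(data):
    """Return sorted (offset, encoding, text) for every printable run."""
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ASCII_RE.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16le"))
              for m in UTF16_RE.finditer(data)]
    return sorted(found)

def interesting_strings(data):
    """Keep only the runs that match one of the triage patterns."""
    return [hit for hit in extract_strings(data) if INTERESTING.search(hit[2])]

# Constructed sample bytes standing in for a suspicious DLL.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 8
    + b"This program cannot be run in DOS mode." + b"\x00\x01\x02"
    + "res://sample.dll/index.html".encode("utf-16le") + b"\x00\x00\xff\xfe"
    + b"Software\\Microsoft\\Internet Explorer\\Main\x00Start Page\x00"
    + b"\x07\x08abc\x00"
)

if __name__ == "__main__":
    # Reads the file as bytes only; the DLL is never loaded or executed.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    for offset, encoding, text in interesting_strings(data):
        print(f"0x{offset:08x}  {encoding:8}  {text}")
```

Run it against a copy of the file taken from the affected machine; the offsets it prints can be looked up directly in a hex editor.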
