Topic created on: February 20, 2012 08:14 CST by charlie.
I have malware which hooks into the Windows shutdown procedure by deleting its own copy. Is there a way to find the process which has hooked into this procedure?
I know it's hooked because it's resident in memory and my antivirus scan doesn't get rid of it. It deletes the on-disk files and is resident in memory.
Related to this: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/Caphaw.A
I want to find the culprit process and kill it manually.
Thanks in advance.