Greetings to such a great community, first time seen but this product is more than worth it just purely from support on the forums...Well i faced the cxxxx.nls problem recently.I will detail quickly what things i did as they may shed light in ways i dont know...(Main question is below here, this may just help later on, Skip if wish)
Turned PC on, noticed first slowed down DL rate then seeing it was sending/recieving when i either on desktop or just google whihc normally doesnt do anymore after loading...Anyway tried a quick sys restore as i recent faced something like that and i was able to restore, this time it didnt work.
AVG detected but could not properly clean the trojans, got SAS, this showed me malware in the form of Memory items/registry/etc after a full scan and deleted all quaratined items, leaving me without access to the net a sys restore to the time before the files were quartined the next morning showed i had a active working connection but of course infected...
This is repeated a few times then i finally start restoring things one by one, enabling and disabling the connection, finally one worked...deleted all the rest, restart into safe mode, replaced the patched ndis file with a clean version from C:\WINDOWS\ServicePackFiles\i386 no more reference to cxxx.nls or remaking itself via the core file ndis.
PC seems to work fine in terms of processes running, usage basic things i perhaps but what i can see its fine, Connection works fine...no more uploading while i am desktop, no more up/download in google or while i am here typing this.
All seems fine, but i know there is there is something left over, perhaps nothing that is up/downloading or able to without the other parts to the trojan but it is there, sas reports it as (side note i know and have hidden.dragon virus on my comp currently, i am not ridding it via SAS as i dont see it as a overt threat, tho any addition info and techniques for staying clean and ridding it would be nice)
If i quaratine and remove these, no more connection...have we got infomation about this, is it dangerous to keep? keylogging? uploading still perhaps? the connection still uploads a touch very now and again, am i putting others at risk retaining this for the current moment?
Basically. What should i do?
Much appreciation to those who took some time out and read this