Note: This article was originally written on reich-consulting.net. Reich Web Consulting has narrowed its focus to the web and no longer offers tech support services, so we’ve moved all of our tech support content off-site. We hope you find this article useful. It is provided as-is, and we will no longer provide support on this topic.
I’m in the process of patching up a particularly nasty virus called Agent2.AGCV. Part of the virus resides in a file called C:\windows\system32\kbdsock.dll. What I noticed is that when the deleted the file or allowed AVG to clean it, it would reappear after the next reboot.
Prevent the actual virus file from loading by booting up to a Windows installation CD and entering the Recovery Console. Copy another DLL file over kbdsock.dll and reboot. The file you just copied will be loaded instead of the virus.