
Trouble deleting malicious c:/windows/system32/consol.dll file.


Problem:

F-Secure, the security software provided free as a part of my Embarq DSL service, kept providing an error popup when Internet Explorer was launched. F-Secure encountered the following: Rootkit.Win32.Podnuha.bhw. Then it tried to fix the issue, but it was not successful. After clicking on the additional info button on this popup, it was apparent that the problem was with the consol.dll file in the c:\windows\system32 folder. This issue had been going on for about a month and I was hoping that the security software would eventually fix it, but it didn't.

Operating System:

Windoze XP

Additional Info:

This seemed to be malware that attacked IE only. I did notice that some of my Google searches were now being redirected. Also, I noticed that it appeared to shut down F-Secure (it disappeared from my system tray) when the problem occurred days later. Also, if I manually tried to run the F-Secure virus checker against this file, my F-Secure would disappear from my system tray.

Analysis:

I tried a lot of different utilities including SpyBot, McAfee Stinger and Security Task Manager. Nothing would cure the issue. I tried to manually delete or rename the file, and tried to manually change references to consol.dll in the registry. I also stopped explorer.exe in Task Manager and then tried to manually rename the file. I also tried booting in safe mode. None of this worked.

Solution:

Recovery Console. I downloaded a utility called ComboFix and launched it. One of the first things it noticed was that I did not have the Recovery Console installed. It installed it for me and also cleaned a bunch of other bad stuff off of my machine. When it was done, I just rebooted and selected the Recovery Console. Once it started, it was at a DOS prompt. I simply typed "del c:\windows\system32\consol.dll". Problem solved!
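The reason the delete and rename attempts above failed on the running system is that a DLL mapped into a live process (the browser, or anything hooked into explorer.exe) holds the file open, so Windows refuses the operation until nothing has it loaded; booting into the Recovery Console sidesteps that because none of those processes are running. The following is an added example, not code from the original page, that does the two checks a practitioner wants before resorting to an offline boot: list which processes currently have the DLL mapped, and search the usual autostart registry locations for any reference to its name. The DLL name parameter and the list of registry keys are assumptions for illustration; the page does not say where consol.dll was referenced, so the script searches generically rather than asserting a specific persistence location.

```powershell
# Added example (not from the original page). Run from an elevated PowerShell prompt.
# Usage: .\Find-LockedDll.ps1 -DllName consol.dll
param([string]$DllName = 'consol.dll')   # assumed: the file name being investigated

Write-Host "== Processes with $DllName mapped (these hold the file open) =="
Get-Process | ForEach-Object {
    $p = $_
    try {
        $p.Modules | Where-Object { $_.ModuleName -ieq $DllName } | ForEach-Object {
            [pscustomobject]@{ Pid = $p.Id; Process = $p.ProcessName; Path = $_.FileName }
        }
    } catch {
        # Module enumeration is denied for some system/protected processes; skip them.
    }
} | Format-Table -AutoSize

Write-Host "== Registry values that mention $DllName =="
# Assumed list of locations commonly used to load a DLL at boot or logon. BHO and
# ShellExecuteHooks entries point at a CLSID, so the CLSID tree is scanned too, where
# the InprocServer32 default value carries the actual DLL path.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',                  # AppInit_DLLs
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Classes\CLSID'
)
$pattern = [regex]::Escape($DllName)
foreach ($k in $keys) {
    if (-not (Test-Path $k)) { continue }
    # Get-ChildItem returns subkeys only, so include the key itself for values such as AppInit_DLLs.
    $items = @(Get-Item $k) + @(Get-ChildItem -Path $k -Recurse -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        foreach ($name in $item.GetValueNames()) {
            $data = $item.GetValue($name)
            if ("$data" -imatch $pattern) {
                [pscustomobject]@{ Key = $item.Name; Value = $name; Data = $data }
            }
        }
    }
}
```

On an XP machine without PowerShell the first check is available from the built-in command prompt as `tasklist /m consol.dll`, which prints every process that has that module loaded. If the list is non-empty and the owning process cannot be terminated (as happened here when F-Secure itself was being killed), deleting from an environment where those processes never start, such as the Recovery Console the page uses, is the reliable option; after the reboot, rerunning the registry search confirms that no autostart value still points at the removed file.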