1. Using the usual anti-parasite tools?
2. Using another browser other than IE when you can?
The Security Forum notes these tools and the possible hijacker that appears to be in this system almost daily.
First let me say, yes...this IS the correct file name and I am writing here because of another fellow (Jots) having a similar problem: the module being referenced is slitghly altered and the .CPY is added.
Here's the skinny:
Everytime I boot this puter I get that error message. I have to open and run Dr. Watson and it goes away. ONE time, and ONE time only, Watson reported the following....
WMOCK32.CPY.DLL attempted to read from memory that does not exist. It may be using an uninitialized variable or it may be attempting to access memory after having freed it. Module WMOCK32.CPY.DLL
Now, when I close DOWN the puter, I also get and Explorer caused IPF in WMOCK32.CPY.DLL as well as an Explorer caused IPF in Kernel32.dll. The "kernel" error I believe was caused by a corrupted password list file, I've deleted and recreated the pwl file according, and am waiting to see if I get that one again.
As for the Explorer IPF associated with this strange module, it continues to happen everytime on shut down.
Further, it seems some information out there is suggesting I have a corrupted WSOCK32.DLL file. I downloaded a new version, but can not shut down and restart in DOS in order to delete the old and reinstall the new.
Ah...hang on...this is why my sn is BrainDead!
In the Registry, there IS an entry under the CLSID's/InprocServer32 which reads "C:\WINDOWS\SYSTEM\WMOCK32.DLL".
Here's what I'm concluding: the WSOCK file was/is corrupted and the name has been changed to WMOCK. I want to modify this key and say WSOCK32.DLL. What I do NOT know, is what will happen if I'm wrong?
I've already exported the key to prepare to delete this entire CLSID if necessary.
Now, suggestions please before I proceed?? And THANK you and Jot I hope maybe part of the answer here will help you, as well.