Guest Minty Posted August 8, 2007 Posted August 8, 2007 I've done a search on the forums and tried their suggestions for the past few days but nothing is resolving my problem. I have a malware/spyware and its really embedded on my c:\windows\system32 folder. I ran AdAware, Spybot, (with updated files) and Trend in Safemode to try and delete, rename....everything but nothing. Even tried shutting down explorer.exe in the task manager and it still won't allow me to delete this file. The specific file name is evenops.dll from Virtumonde/DriveCleaner 2006 and it keeps installing the same files every restart. They also appear in my registry which I can delete no prob. Suggestions are welcome. Thanks in advance. Minty
Guest nass Posted August 8, 2007 Posted August 8, 2007 RE: spyware-can't delete dll file "Minty" wrote: > I've done a search on the forums and tried their suggestions for the past few > days but nothing is resolving my problem. I have a malware/spyware and its > really embedded on my c:\windows\system32 folder. I ran AdAware, Spybot, > (with updated files) and Trend in Safemode to try and delete, > rename....everything but nothing. Even tried shutting down explorer.exe in > the task manager and it still won't allow me to delete this file. > > The specific file name is evenops.dll from Virtumonde/DriveCleaner 2006 and > it keeps installing the same files every restart. They also appear in my > registry which I can delete no prob. Suggestions are welcome. > > Thanks in advance. > > Minty Hi Minty, DriveCleaner http://www.symantec.com/security_response/writeup.jsp?docid=2006-062217-0726-99&tabid=2 W32/Darby-E http://www.sophos.com/security/analyses/w32darbye.html http://www.castlecops.com/postitle168916-0-0-.html http://www.bleepingcomputer.com/forums/topic71782.html HTH. nass ------ http://www.nasstec.co.uk
Guest Malke Posted August 8, 2007 Posted August 8, 2007 Re: spyware-can't delete dll file Minty wrote: > I've done a search on the forums and tried their suggestions for the past few > days but nothing is resolving my problem. I have a malware/spyware and its > really embedded on my c:\windows\system32 folder. I ran AdAware, Spybot, > (with updated files) and Trend in Safemode to try and delete, > rename....everything but nothing. Even tried shutting down explorer.exe in > the task manager and it still won't allow me to delete this file. > > The specific file name is evenops.dll from Virtumonde/DriveCleaner 2006 and > it keeps installing the same files every restart. They also appear in my > registry which I can delete no prob. Suggestions are welcome. > > Thanks in advance. When all else fails, run HijackThis and post your log in one of the specialty forums listed below (not here, please). http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 - another tutorial http://aumha.net/ - Click on the HijackThis forum. Read the announcement and the stickies *first*. http://www.atribune.org/forums/index.php?showforum=9 http://aumha.net/viewforum.php?f=30 http://www.bleepingcomputer.com/forums/forum22.html http://castlecops.com/forum67.html http://www.dslreports.com/forum/cleanup http://www.cybertechhelp.com/forums/forumdisplay.php?f=25 http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html http://gladiator-antivirus.com/forum/index.php?showforum=170 http://spywarewarrior.com/viewforum.php?f=5 Malke -- Elephant Boy Computers http://www.elephantboycomputers.com "Don't Panic!" MS-MVP Windows - Shell/User
Guest Patrick Keenan Posted August 8, 2007 Posted August 8, 2007 Re: spyware-can't delete dll file "Minty" <Minty@discussions.microsoft.com> wrote in message news:6D3EF5E3-7329-4BE0-80B7-1AF4A60C6546@microsoft.com... > I've done a search on the forums and tried their suggestions for the past > few > days but nothing is resolving my problem. I have a malware/spyware and > its > really embedded on my c:\windows\system32 folder. I ran AdAware, Spybot, > (with updated files) and Trend in Safemode to try and delete, > rename....everything but nothing. Even tried shutting down explorer.exe > in > the task manager and it still won't allow me to delete this file. > > The specific file name is evenops.dll from Virtumonde/DriveCleaner 2006 > and > it keeps installing the same files every restart. They also appear in my > registry which I can delete no prob. Suggestions are welcome. > > Thanks in advance. > > Minty You may not be able to delete it on the first pass, but you should be able to pop into Safe Mode and rename it (I usually use *.bad). Restart, and the launcher won't be able to find the file to launch it, and you can delete it. Mounting that drive in another system, or attaching it via USB, will also prevent the malware from launching with Windows and you can get rid of it in one pass. Note that this may be launched from yet another malware app, so while you have the drive out, rescan it with Trend Micro's Housecall service. Also, check the system32 folder for files marked hidden and system. There should be some, but you may find that the culprits are hidden. Run a command prompt, go to the folder, type "dir /ah". HTH -pk
Guest Kelly Posted August 8, 2007 Posted August 8, 2007 Re: spyware-can't delete dll file Hi, Use Killbox: http://killbox.net/ Unregister the dll before delete. -- All the Best, Kelly (MS-MVP/DTS&XP) Taskbar Repair Tool Plus! http://www.kellys-korner-xp.com/taskbarplus!.htm Is it October already? Either way, Happy Birthday if today is your birthday! "Minty" <Minty@discussions.microsoft.com> wrote in message news:6D3EF5E3-7329-4BE0-80B7-1AF4A60C6546@microsoft.com... > I've done a search on the forums and tried their suggestions for the past > few > days but nothing is resolving my problem. I have a malware/spyware and > its > really embedded on my c:\windows\system32 folder. I ran AdAware, Spybot, > (with updated files) and Trend in Safemode to try and delete, > rename....everything but nothing. Even tried shutting down explorer.exe > in > the task manager and it still won't allow me to delete this file. > > The specific file name is evenops.dll from Virtumonde/DriveCleaner 2006 > and > it keeps installing the same files every restart. They also appear in my > registry which I can delete no prob. Suggestions are welcome. > > Thanks in advance. > > Minty
Recommended Posts