small.APC trojan horse creates irsbzdvy.dll. Has anyone seen this and had any luck removing it?

Posted on 2008-11-06
Last Modified: 2012-05-05
I have an infected computer with a Windows login trojan horse, small.APC. It installs a DLL, irsbzdvy.dll.
When this happens, on login you get a desktop with no icons or Start menu. I worked around the issue by chance: I renamed explorer.exe to explorer2.exe and found that explorer2.exe would run from the Task Manager. I then changed the shell in the registry to use explorer2.exe and was able to boot into Safe Mode, use msconfig to run in diagnostic startup, and remove the trojan.

PROBLEM: as soon as I restart in regular mode and reset msconfig, the DLL (irsbzdvy.dll) shows up again. Has anyone seen this before or have any ideas?
Question by:taagangel
    LVL 27

    Assisted Solution

    SDFix should remove this.
    You might also try downloading, updating and running Malwarebytes in Safe Mode.
    You can get it free from
    Once updated, reboot into Safe Mode (F8 at startup) and run a scan.
    You should do this with your current antivirus product as well.

    Accepted Solution

    Ran Malwarebytes multiple times in Safe Mode; it appeared it removed it, and I ran HijackThis multiple times until the DLL was no longer showing up. It reappeared as soon as I restarted normally. I will run SDFix in Safe Mode and see what happens, then rerun the malware and virus scans and see if that takes care of it.


    Expert Comment

    Just want to add that when you clean a virus or malware from your machine, one of the first things you should do is disable System Restore. This is not a recommended procedure unless you are infected and cannot seem to remove the virus. Many of these newer viruses have code that backs them up to the System Restore folder and will spawn a new copy once you have removed them, so you have to clean out the System Restore data. That will keep you from ever restoring to an earlier time after you are done, so once you are done, make sure you turn it back on and create a new restore point.
