Solved

Virus removal

Posted on 2009-02-20
Last Modified: 2013-11-22
My computer has been infected by a virus. When I run spyware it does not remove the virus; the status is displayed as failed. The file name is xccdf16_090131a.dll.

How can I remove this? Could someone help me out, please?

Thanks

YRKS
0
Comment
Question by:YRKS
5 Comments
 
LVL 6

Accepted Solution

by:
bcoyxp earned 300 total points
ID: 23698409
Hi,

Aside from updating your antivirus,
try to run ComboFix.

You may get it here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Regards,
0
 
LVL 16

Assisted Solution

by:Brian Pringle
Brian Pringle earned 300 total points
ID: 23698574
Build a BartPE disc.  Then, you can boot from the disc, locate the file, and delete it.

BartPE
http://www.nu2.nu/pebuilder/
0
 
LVL 47

Assisted Solution

by:rpggamergirl
rpggamergirl earned 300 total points
ID: 23699607
Try scanning with MalwareBytes and also combofix (as already suggested)

Download Malwarebytes' Anti-Malware to your desktop, check for the tool's Updates before running a scan.
http://www.malwarebytes.org/mbam.php

If you can't access the above link then use this link and rename the file before saving to your desktop.
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button



Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
0
 
LVL 27

Assisted Solution

by:David-Howard
David-Howard earned 300 total points
ID: 23702678
Malwarebytes is a good suggestion. I would add that you should run your scans in Safe Mode (F8 at Startup).
You should disable System Restore prior to booting into Safe Mode and scanning.
http://support.microsoft.com/kb/310405
0
 

Assisted Solution

by:jace5869
jace5869 earned 300 total points
ID: 23703451
I'm going to offer you some different advice that will let you try to manually clean your system first without having to install EVERY anti-malware program first.

1. Go to HERE - Unlocker Assistant
     - Install Unlocker and this will allow you to delete files that normally you would not be able to because they were in use by some program or embedded into the OS.

2. Download VundoFix from VundoFix by Attribune

3. Next download Super Anti-Spyware
    - Do not install yet - this will be one of the last things to do.

4. Download Sysinternals AutoRuns and Process Explorer
      - these will be used to remove stubborn start up entries and infected processes

Alright, you will need to navigate to C:, C:\Windows, C:\Windows\Fonts, and C:\Windows\System32 during these instructions, and this is what you need to do in EACH folder!

Go to Tools -> Folder Options -> View (Tab) -> Select Show Hidden Files, folders, and drives  AND Uncheck the Hide Extensions of known file types and Hide Protected Microsoft Files.

Next you need to Sort by 'Modified Date' so that the most recently modified files are on the bottom.

Inspect ALL items modified/created in the past 72 hours or 3 days. You will probably see some very strange file names that do not make any sense at all, like for example ffkkcyyhh.dll and similar; it may not be exact, but you will definitely notice them!

Also, you need to look for files that look like they are duplicates. Here is an example:

wsuab.exe
wsuab .exe     <--- If you look closely you will notice a space before the extension. Normally you need to delete the one without a space and rename the one WITH a space to remove the space.

Also, another example would be...

regedit.exe
regedit.exe2     <--- Again, delete the normally named one and rename the .exe2

Now, you need to go through all the above directories, and do not forget the Fonts directory either! After you do this you will probably have to reboot. After you reboot you can take the tools above and run them and the software others had you install and update them.

Run VundoFix now as it should find nothing or VERY few infected files. Next, you probably have HijackThis downloaded so just rename the HiJackThis.exe to some random name like Hi_Jack_None.exe and AutoRuns and run it. Look for any items trying to start from directories like your Documents and Settings folder or Fonts folder and remove these!

Next, reboot and install and update SuperAntiSpyware and run a scan - remove any infections. You can run MalwareBytes again if you like, but I think it would be better assurance if you navigated to TrendMicro and ran HouseCall or went to infectedornot.com - which is a Panda Scan, or Kaspersky scan, or finally you could run eset.com - which is a NOD32 scan to see if they notice any other infections.



LET US KNOW!
0
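The folder inspection described in the post above (recently modified files, and look-alike names such as `wsuab .exe` or `regedit.exe2`) can be scripted as a read-only report. This is an added example, not part of any answer in the thread; the function name `triage`, the `EXEC_EXTS` list and the use of modification time alone are assumptions, and the script only lists candidates for manual review without judging which file of a pair is legitimate.

```python
import os
import re
import tempfile
import time

# Assumption: extensions treated as executable for the look-alike check.
EXEC_EXTS = ("exe", "dll", "com", "scr")
SUFFIXED = re.compile(r"^(.+\.(?:%s))[^.\s]+$" % "|".join(EXEC_EXTS), re.I)

def triage(directory, hours=72, now=None):
    """Return [(file name, [reasons])] for files worth a manual look. Read-only."""
    now = time.time() if now is None else now
    cutoff = now - hours * 3600
    files = {e.name: e for e in os.scandir(directory)
             if e.is_file(follow_symlinks=False)}
    lower = {n.lower() for n in files}   # Windows names are case-insensitive
    findings = []
    for name in sorted(files):
        reasons = []
        # Modification time only; creation time is not portable across platforms.
        if files[name].stat(follow_symlinks=False).st_mtime >= cutoff:
            reasons.append("modified in the last %d hours" % hours)
        stem, dot, ext = name.rpartition(".")
        if dot and stem != stem.rstrip():
            twin = stem.rstrip() + "." + ext
            note = "whitespace before extension"
            if twin.lower() in lower:
                note += ", twin of " + twin
            reasons.append(note)
        m = SUFFIXED.match(name)
        if m and m.group(1).lower() in lower:
            reasons.append("characters after extension, twin of " + m.group(1))
        if reasons:
            findings.append((name, reasons))
    return findings

if __name__ == "__main__":
    # Constructed sample directory using the file names from the post.
    with tempfile.TemporaryDirectory() as d:
        month_ago = time.time() - 30 * 24 * 3600
        for n in ("wsuab.exe", "wsuab .exe", "regedit.exe", "regedit.exe2", "ffkkcyyhh.dll"):
            path = os.path.join(d, n)
            open(path, "w").close()
            if n != "ffkkcyyhh.dll":          # leave one file "recent"
                os.utime(path, (month_ago, month_ago))
        for name, reasons in triage(d):
            print("%-16r %s" % (name, "; ".join(reasons)))
```

On a real system, pass each folder named in the post (for example `C:\Windows\System32`) to `triage()` and review the output before changing anything.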
