Virus removal

My computer has been infected by virus, when I run spyware it does not remove the virus status is displayed at failed. The file name is xccdf16_090131a.dll.

How can I remove this. Could someone help me out please.

Thanks

YRKS
YRKSAsked:
Who is Participating?
 
bcoyxpConnect With a Mentor Commented:
hi,

aside from updating your antivirus,
try to run combofix

you may get it here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

regards,
0
 
Brian PringleConnect With a Mentor Systems Analyst II, SCM, ERPCommented:
Build a BartPE disc.  Then, you can boot from the disc, locate the file, and delete it.

BartPE
http://www.nu2.nu/pebuilder/
0
 
rpggamergirlConnect With a Mentor Commented:
Try scanning with MalwareBytes and also combofix (as already suggested)

Download Malwarebytes' Anti-Malware to your desktop, check for the tool's Updates before running a scan.
http://www.malwarebytes.org/mbam.php

If you can't access the above link then use this link and rename the file before saving to your desktop.
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button



Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
0
 
David-HowardConnect With a Mentor Commented:
Malwarebytes is a good suggestion. I would add that you should run your scans in Safe Mode (F8 at Startup).
You should disable System Restore prior to booting into Safe Mode and scanning.
http://support.microsoft.com/kb/310405
0
 
jace5869Connect With a Mentor Commented:
I'm going to offer you some different advice that will let you try to manually clean your system first without having to install EVERY anti-malware program first.

1. Go to HERE - Unlocker Assistant
     -Install Unlocker and this will allow you to delete files that normally you would not be able   to  because they were in use by some program or embedded into the OS.

2. Download VundoFix from VundoFix by Attribune

3. Next download Super Anti-Spyware
    - Do not install yet - this will be one of the last things to do.

4. Download Sysinternals AutoRuns and Process Explorer
      - these will be used to remove stubborn start up entries and infected processes

Alright, you will need to navigate to the C: , C:\Windows, C:\Windows\Fonts, and C:\Windows\System32   - during these instructions and this is what you need to do in EACH folder!

Go to Tools -> Folder Options -> View (Tab) -> Select Show Hidden Files, folders, and drives  AND Uncheck the Hide Extensions of known file types and Hide Protected Microsoft Files.

Next you need to Sort by 'Modified Date' so that the most Recently modified files re on the bottom.

Inspect ALL items modified/created in the past 72-hours or 3 Days. You will probably see some very strange files names that do not make any sense at all, like for example ffkkcyyhh.dll and similar; it may not be exact, but you will definitely notice them!

 Also, you need to look for files that look like they are duplicates, here is an example:

wsuab.exe
wsuab .exe                          <--- If you look closely you will notice a space before the extension.
                                                       Normaly you need to delete the one without a space                                                                             and rename the one WITH a space to remove the space.
Also, another example would be...

regedit.exe
regedit.exe2                                -<--- Agai delete the normal named one and rename the .exe2

Now, you need to go through all the above directories , and do not forget the Fonts directory either! After you do this you will probably have to reboot. After you reboot you can take the tools above and run them and the software others had you install and update them..

Run VundoFix now as it should find nothing or VERY few infected files. Next, you probably have HijackThis downloaded so just rename the HiJackThis.exe to some random name like Hi_Jack_None.exe and AutoRuns and  run it. Look for any items trying to start from directories like your Documents and Settings folder or Fonts folder and remove these!

Next, reboot and install and update SuperAntiSpyware and run a scan - remove any inections. You can run MalwareBytes again if you like, but I think it would be better assurance if you navigated to TrendMicro and ran HouseCall or went to infectedornot.com  - which is a Panda Scan, or Kaspersky scan, or finally you could run a eset.com - which is a NOD32 scan to see if they notice any other infections.



LET US KNOW!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.