Virus removal

Posted on 2009-02-20
Last Modified: 2013-11-22
My computer has been infected by virus, when I run spyware it does not remove the virus status is displayed at failed. The file name is xccdf16_090131a.dll.

How can I remove this. Could someone help me out please.


Question by:YRKS
    LVL 6

    Accepted Solution


    aside from updating your antivirus,
    try to run combofix

    you may get it here:

    LVL 16

    Assisted Solution

    by:Brian Pringle
    Build a BartPE disc.  Then, you can boot from the disc, locate the file, and delete it.

    LVL 47

    Assisted Solution

    Try scanning with MalwareBytes and also combofix (as already suggested)

    Download Malwarebytes' Anti-Malware to your desktop, check for the tool's Updates before running a scan.

    If you can't access the above link then use this link and rename the file before saving to your desktop.

    Please download ComboFix by sUBs:

    You must download it to and run it from your Desktop
    Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    Double click combofix.exe & follow the prompts.
    When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
    Re-enable all the programs that were disabled during the running of ComboFix..

    Do not mouse-click combofix's window while it is running. That may cause it to stall.
    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    LVL 27

    Assisted Solution

    Malwarebytes is a good suggestion. I would add that you should run your scans in Safe Mode (F8 at Startup).
    You should disable System Restore prior to booting into Safe Mode and scanning.

    Assisted Solution

    I'm going to offer you some different advice that will let you try to manually clean your system first without having to install EVERY anti-malware program first.

    1. Go to HERE - Unlocker Assistant
         -Install Unlocker and this will allow you to delete files that normally you would not be able   to  because they were in use by some program or embedded into the OS.

    2. Download VundoFix from VundoFix by Attribune

    3. Next download Super Anti-Spyware
        - Do not install yet - this will be one of the last things to do.

    4. Download Sysinternals AutoRuns and Process Explorer
          - these will be used to remove stubborn start up entries and infected processes

    Alright, you will need to navigate to the C: , C:\Windows, C:\Windows\Fonts, and C:\Windows\System32   - during these instructions and this is what you need to do in EACH folder!

    Go to Tools -> Folder Options -> View (Tab) -> Select Show Hidden Files, folders, and drives  AND Uncheck the Hide Extensions of known file types and Hide Protected Microsoft Files.

    Next you need to Sort by 'Modified Date' so that the most Recently modified files re on the bottom.

    Inspect ALL items modified/created in the past 72-hours or 3 Days. You will probably see some very strange files names that do not make any sense at all, like for example ffkkcyyhh.dll and similar; it may not be exact, but you will definitely notice them!

     Also, you need to look for files that look like they are duplicates, here is an example:

    wsuab .exe                          <--- If you look closely you will notice a space before the extension.
                                                           Normaly you need to delete the one without a space                                                                             and rename the one WITH a space to remove the space.
    Also, another example would be...

    regedit.exe2                                -<--- Agai delete the normal named one and rename the .exe2

    Now, you need to go through all the above directories , and do not forget the Fonts directory either! After you do this you will probably have to reboot. After you reboot you can take the tools above and run them and the software others had you install and update them..

    Run VundoFix now as it should find nothing or VERY few infected files. Next, you probably have HijackThis downloaded so just rename the HiJackThis.exe to some random name like Hi_Jack_None.exe and AutoRuns and  run it. Look for any items trying to start from directories like your Documents and Settings folder or Fonts folder and remove these!

    Next, reboot and install and update SuperAntiSpyware and run a scan - remove any inections. You can run MalwareBytes again if you like, but I think it would be better assurance if you navigated to TrendMicro and ran HouseCall or went to  - which is a Panda Scan, or Kaspersky scan, or finally you could run a - which is a NOD32 scan to see if they notice any other infections.


    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    Sub-Titled: “My Way” (with apologies to Francis Albert Sinatra) Let me start by stating emphatically that I am one of those Experts who prefer doing things “My Way”. It’s kind of a no-brainer. “The following procedure works for me, so here is …
    You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
    This video discusses moving either the default database or any database to a new volume.
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now