spyware-can't delete dll file

Guest

I've done a search on the forums and tried their suggestions for the past few
days but nothing is resolving my problem. I have a malware/spyware and it's
really embedded on my c:\windows\system32 folder. I ran AdAware, Spybot,
(with updated files) and Trend in Safe Mode to try and delete,
rename... everything but nothing. Even tried shutting down explorer.exe in
the task manager and it still won't allow me to delete this file.

The specific file name is evenops.dll from Virtumonde/DriveCleaner 2006 and
it keeps installing the same files every restart. They also appear in my
registry which I can delete no prob. Suggestions are welcome.

Thanks in advance.

Minty
 
Guest

Hi Minty,
DriveCleaner
http://www.symantec.com/security_response/writeup.jsp?docid=2006-062217-0726-99&tabid=2
W32/Darby-E
http://www.sophos.com/security/analyses/w32darbye.html

http://www.castlecops.com/postitle168916-0-0-.html
http://www.bleepingcomputer.com/forums/topic71782.html
HTH.
nass
 
Malke

When all else fails, run HijackThis and post your log in one of the
specialty forums listed below (not here, please).

http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 - another tutorial
http://aumha.net/ - Click on the HijackThis forum. Read the announcement
and the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://spywarewarrior.com/viewforum.php?f=5


Malke
 
Patrick Keenan

You may not be able to delete it on the first pass, but you should be able
to pop into Safe Mode and rename it (I usually use *.bad). Restart, and the
launcher won't be able to find the file to launch it, and you can delete
it.

Mounting that drive in another system, or attaching it via USB, will also
prevent the malware from launching with Windows and you can get rid of it in
one pass.

Note that this may be launched from yet another malware app, so while you
have the drive out, rescan it with Trend Micro's Housecall service. Also,
check the system32 folder for files marked hidden and system. There should
be some, but you may find that the culprits are hidden. Run a command
prompt, go to the folder, type "dir /ah".

HTH
-pk
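
An added example, not part of any post in this thread: a PowerShell version of the "dir /ah" check described above, narrowed to hidden DLLs and extended with creation time and signature status for triage. The function name `Get-HiddenDll` and the `E:\Windows\System32` path for a drive attached to another machine are assumptions made for illustration.

```powershell
# Added example (not from the thread). Lists hidden DLLs in a System32 folder,
# newest first, with their Authenticode status. Get-HiddenDll is a hypothetical name.
function Get-HiddenDll {
    param(
        # Defaults to the running system; pass e.g. 'E:\Windows\System32'
        # (assumed drive letter) when the disk is mounted in another machine.
        [string]$Path = (Join-Path $env:SystemRoot 'System32')
    )

    # -Attributes Hidden is the equivalent of "dir /ah"; -Force makes sure
    # hidden and system entries are not filtered out by the provider.
    Get-ChildItem -LiteralPath $Path -Filter '*.dll' -File -Attributes Hidden -Force `
                  -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Name      = $_.Name
                Created   = $_.CreationTime
                Modified  = $_.LastWriteTime
                # True when the file is also flagged System, as in "hidden and system"
                IsSystem  = [bool]($_.Attributes -band [IO.FileAttributes]::System)
                SizeKB    = [math]::Round($_.Length / 1KB, 1)
                Signature = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        } |
        Sort-Object Created -Descending
}

# Running system:
Get-HiddenDll | Format-Table -AutoSize

# Drive from the infected machine attached to a clean one (assumed path):
# Get-HiddenDll -Path 'E:\Windows\System32' | Format-Table -AutoSize
```

A `NotSigned` result is a lead for further checking, not a verdict, since signature results for files on a drive from another installation depend on the machine doing the check.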
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads


Top