I wrote this guide after I discovered a faster and easier way to delete this file.
The guide can be found here:
http://www.retro-zone.org/support_pc_windows_compstu.dll.html
Ma wrote:
compstu.dll
26-Dec-07
Have 2 identical PCs with Win XP Home SP2. One has a file in
C:\windows\system32 named compstu.dll, the other does not. This file is
corrupted by a trojan. Have tried to delete this file by going into Safe
Mode but it will not delete. The message says it is either in use or write
protected
What can I do now
Thanks in advance.
Previous Posts In This Thread:
compstu.dll
Have 2 identical PCs with Win XP Home SP2. One has a file in
C:\windows\system32 named compstu.dll, the other does not. This file is
corrupted by a trojan. Have tried to delete this file by going into Safe
Mode but it will not delete. The message says it is either in use or write
protected
What can I do now
Thanks in advance.
RE: compstu.dll
It is a BHO.DL installaed itself in the system Root and given itself an
Admin privileges and write protected file, but it can be changed through the
security Tab on that File properties!
If you will go to this Key you will find it running itself and Admin
[-]HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa = in the right
pane you will see entry like this os so
Msv0_1 "C:\Windows\System32\compstu.dll
The above should be Msv0_1 the reset is not there, it been added by the
Trojans/Worm
an
CurrentControlSet0
CurrentControlSet02
Go through these Cleaning steps
1... First, try to clean up your caches, Internet files and delete cookie
by doing this
Click Start >> Control Panel >> Double click Network and Interne
Connections >> Double click Internet Options
On the IE properties windows you will see these Tabs
General | Security | Privacy | Content | Connections | Programs
Advance
Under General Tab clear your History, Internet Files and Cookies
Then click on Advanced tab and scroll down to under the Browsing Option
[&] Browsin
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box
Then click on Programs Tab and click Manage Add-Ons and Disable all no
Verified Add-Ons (You should Renable them later one-by-one and see th
culprit and update it or remove it
How to manage Add-Ons
http://support.microsoft.com/kb/88325
Scan for malware from here
SuperAntispyware - Fre
http://www.superantispyware.com/superantispywarefreevspro.htm
RootkitRevealer v1.7
By Bryce Cogswell and Mark Russinovic
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.msp
Run a scan from here off-line scanner
Download Avast Cleaner (offline scanner) from here
http://www.avast.com/eng/avast-virus-cleaner.htm
2- Download the Hijackthis and send the report to one of man
forums for analysis and troubleshooting
http://www.merijn.org/index.ph
When all else fails, HijackThis v2.0.
(
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis) i
the preferred tool to use
It will help you to both identify and remove any hijackware/spyware. Pos
your log to
http://aumha.net/viewforum.php?f=30
http://castlecops.com/forum67.html
http://forums.subratam.org/index.php?showforum=7, or other appropriat
forums for expert analysis, not here.
Let us know how it is going
nas
---
http://www.nasstec.co.uk
RE: compstu.dll
nass
Thanks for the info. Found C:\windows\system32\compstu.dll in the registry
in 2 places as data and deleted it. Went thru all your cleaning steps.
Restarted the PC and found 1) the data returned to the registry, and 2) still
could not delete the file compstu.dll. How can I get rid of this file? Am
at the last straw - please help
Ma
:
Hi Max,Yes, it will come back again as it been write protected, my advice to
Hi Max
Yes, it will come back again as it been write protected, my advice to you
try to run the Hijackthis and send the log to one of many forums and please
can you send me one at here:
to_you_rossatyahoo.co.uk for more help, if you wish.
This a Vundo variants by the looks of it, and can be nasty piece of Viral
infection to rid of, be prepared and backup your Data on Removable Storage.
HTH.
nass
---
http://www.nasstec.co.uk
:
Submitted via EggHeadCafe - Software Developer Portal of Choice
WPF Binding Beyond the Limitation of Name Scopes
http://www.eggheadcafe.com/tutorial...f-49faac8854c8/wpf-binding-beyond-the-li.aspx