need a bat to run FIRST thing

ZenMasta

Hi, I'm trying to remove some spyware from my pc that is attaching itself to
explorer so I can't delete it even by booting into safe mode. The spyware
replicates itself and creates additional entries in the registries, and
creates additional dlls in the system32 folder.

I know exactly which files I need to delete but I can't delete them because
they are always "in use".

I've used hijackthis and I can remove everything but 2 files that are the
ones that keep recreating all the rest of the stuff. The files I need to
delete are labeled as browser helper objects in IE7. I can disable them but
there is no uninstall option and upon reboot they are always enabled again.

What I would like to do if at all possible is create a batch file that
deletes the specific files. Ideally delete files with date created of
12/3/2007 or newer, but I wouldn't want to accidentally use the wrong ><
symbol and hose my windows installation, so I'm fine with naming each file
for deletion.


I'm wondering what the best way to do this is.
edit autoexec.bat and add
CALL c:\myfile.bat ?

myfile.bat:
del C:\windows\system32\ddcbyvu.dll
del C:\windows\system32\pmkji.dll
del C:\windows\system32\pmnno.dll

Thanks in advance.
 
Shenan Stanley

ZenMasta said:
Hi, I'm trying to remove some spyware from my pc that is attaching
itself to explorer so I can't delete it even by booting into safe
mode. The spyware replicates itself and creates additional entries
in the registries, and creates additional dlls in the system32
folder.
I know exactly which files I need to delete but I can't delete them
because they are always "in use".

I've used hijackthis and I can remove everything but 2 files that
are the ones that keep recreating all the rest of the stuff. The
files I need to delete are labeled as browser helper objects in
IE7. I can disable them but there is no uninstall option and upon
reboot they are always enabled again.
What I would like to do if at all possible is create a batch file
that deletes the specific files. Ideally delete files with date
created of 12/3/2007 or newer, but I wouldn't want to accidentally
use the wrong >< symbol and hose my windows installation, so I'm
fine with naming each file for deletion.


I'm wondering what the best way to do this is.
edit autoexec.bat and add
CALL c:\myfile.bat ?

myfile.bat:
del C:\windows\system32\ddcbyvu.dll
del C:\windows\system32\pmkji.dll
del C:\windows\system32\pmnno.dll

Thanks in advance.

EXPLORER is Windows.

So - what 'spyware' is this? OR is this a Virus/Trojan?
 
Claymore

ZenMasta said:
Hi, I'm trying to remove some spyware from my pc that is attaching itself to
explorer so I can't delete it even by booting into safe mode. The spyware
replicates itself and creates additional entries in the registries, and
creates additional dlls in the system32 folder.

I know exactly which files I need to delete but I can't delete them because
they are always "in use".

I've used hijackthis and I can remove everything but 2 files that are the
ones that keep recreating all the rest of the stuff. The files I need to
delete are labeled as browser helper objects in IE7. I can disable them but
there is no uninstall option and upon reboot they are always enabled again.

What I would like to do if at all possible is create a batch file that
deletes the specific files. Ideally delete files with date created of
12/3/2007 or newer, but I wouldn't want to accidentally use the wrong ><
symbol and hose my windows installation, so I'm fine with naming each file
for deletion.

I'm wondering what the best way to do this is.
edit autoexec.bat and add
CALL c:\myfile.bat ?

myfile.bat:
del C:\windows\system32\ddcbyvu.dll
del C:\windows\system32\pmkji.dll
del C:\windows\system32\pmnno.dll

Thanks in advance.

Hello,

You have the vundo downloader trojan. You'll want to take care of
this. XP doesn't "normally" use the autoexec.bat file. Even creating
your .bat file to run out of, say, the Startup folder probably won't
work as the trojan is almost certainly loading early in the boot
process.

Have a read here for a fix for your trojan:

http://www.microsoft.com/communitie...&tid=8ee37f64-681d-432e-b820-46d8df1b8fee&p=1

Or, if you Google those dll files, I'm sure you'll find a number of
similar fixes. This is a common trojan infection.

Luck!
 
Patrick Keenan

ZenMasta said:
Hi, I'm trying to remove some spyware from my pc that is attaching itself
to explorer so I can't delete it even by booting into safe mode. The
spyware replicates itself and creates additional entries in the
registries, and creates additional dlls in the system32 folder.

I know exactly which files I need to delete but I can't delete them
because they are always "in use".

I've used hijackthis and I can remove everything but 2 files that are the
ones that keep recreating all the rest of the stuff. The files I need to
delete are labeled as browser helper objects in IE7. I can disable them
but there is no uninstall option and upon reboot they are always enabled
again.

Did you try doing this in Safe Mode?

What I would like to do if at all possible is create a batch file that
deletes the specific files.

Not needed and if you can't delete the files manually, the batch file won't
be able to either.

You need to not load them in the first place, which means either booting
from another OS (CD or host) or Safe Mode.

Ideally delete files with date created of 12/3/2007 or newer, but I
wouldn't want to accidentally use the wrong >< symbol and hose my windows
installation, so I'm fine with naming each file for deletion.


I'm wondering what the best way to do this is.

It isn't with a batch file. Boot with another CD, and delete the files
manually.

Or, attach the drive to another system via a USB2 case and scan it with an
A/V utility.

HTH
-pk
 
ZenMasta

Claymore, you hit it right on the head. Although I'm surprised you found it
because I did try searching for many of these file names but only returned a
result once for geeda.dll and didn't find a resolve. I realize these files
are loading at boot which was why I was hoping I could make a bat file that
would run hopefully BEFORE these do :p

I don't have another pc to plug my HD into, if I did I definitely would have
as it seems to be the best/easiest thing to do.

It just sucks that all these av programs you can pay for are easily
outmaneuvered by 2bit trojans that load at boot or whatever. I do have a
subscription for an av app plus I use freeware stuff like spybot. I don't
understand why these programs (av/antispyware) don't use the same kind of
rootkit/boot loading tactics so they can remove the spyware/viruses.
 
Patrick Keenan

ZenMasta said:
Claymore, you hit it right on the head. Although I'm surprised you found
it because I did try searching for many of these file names but only
returned a result once for geeda.dll and didn't find a resolve. I realize
these files are loading at boot which was why I was hoping I could make a
bat file that would run hopefully BEFORE these do :p

I don't have another pc to plug my HD into, if I did I definitely would
have as it seems to be the best/easiest thing to do.


You can also use boot CDs, such as the XP CD (into the recovery console) and
most Linux Live Boot CDs. The Ubuntu CD works very well.

HTH
-pk
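
The boot-CD route suggested above, sketched as a shell script to run from a Linux live CD while Windows is not loaded. This is an added example, not part of any post in the thread: the mount point `/mnt/win`, the quarantine directory and the function names are assumptions, and the DLL names are the ones ZenMasta listed. It moves the files aside rather than deleting them, so a wrong name cannot hose the installation.

```shell
#!/bin/sh
# Added example: quarantine named files on an offline Windows volume.
# Assumption: the XP partition is already mounted read-write (e.g. at /mnt/win).

# Resolve a '/'-separated relative path under a root, ignoring case.
# A Linux mount of NTFS is normally case-sensitive, so C:\windows\system32
# may be WINDOWS/system32 on disk.
resolve_ci() {
    cur=$1; rest=$2
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -n "$part" ] || continue
        match=$(find "$cur" -mindepth 1 -maxdepth 1 -iname "$part" | head -n 1)
        [ -n "$match" ] || return 1
        cur=$match
    done
    printf '%s\n' "$cur"
}

# Move each named file into a quarantine directory instead of deleting it,
# logging its SHA-256 first so a mistake can be identified and undone.
# Prints the number of files moved.
quarantine() {
    root=$1; qdir=$2; shift 2
    moved=0
    mkdir -p "$qdir" || return 1
    for rel in "$@"; do
        path=$(resolve_ci "$root" "$rel") || { echo "not found: $rel" >&2; continue; }
        [ -f "$path" ] || { echo "not a regular file: $path" >&2; continue; }
        sha256sum "$path" >> "$qdir/manifest.sha256" || continue
        mv "$path" "$qdir/$(basename "$path").quarantined" && moved=$((moved + 1))
    done
    echo "$moved"
}

# Usage with the file names from the original post:
# quarantine /mnt/win /mnt/win/quarantine \
#     windows/system32/ddcbyvu.dll windows/system32/pmkji.dll windows/system32/pmnno.dll
```

Files that are not found are reported on stderr and skipped, which matters here because the trojan's DLL names differ from one infection to the next.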
 
V Green

Patrick Keenan said:
Did you try doing this in Safe Mode?

Just had a run-in with this miserable SOB myself.

Got it by using a Java applet on Ebay to view pix
of mdse. My Sun Java wasn't up-to-date :-( and
got "exploited".

Vundo can't be removed in Safe Mode either.

It takes the VundoFix tool + often a vundofix.vft file
with the name + path of the "unremovable" file(s)
dragged & dropped onto the VundoFix window for
those it misses.

And then removal of Registry entries it creates with
HijackThis.
 
Elmo

ZenMasta said:
Hi, I'm trying to remove some spyware from my pc that is attaching
itself to explorer so I can't delete it even by booting into safe mode.
The spyware replicates itself and creates additional entries in the
registries, and creates additional dlls in the system32 folder.


Try one of these free Virus Removal Tools:

Avast! One tool for any current virus
http://www.avast.com/eng/avast-virus-cleaner.html

Symantec Virus Removal Tools
http://www.symantec.com/business/security_response/removaltools.jsp

F-Secure Virus Removal Tools
http://www.f-secure.com/download-purchase/tools.shtml

Kaspersky Virus Removal Tools
http://www.kaspersky.com/removaltools
 
ZenMasta

Thanks for the tip regarding boot cd's. I didn't think about that (well, not
the ubuntu ones). I've tried system restore/win xp before and ended up with
a hosed system once so I didn't want to go there.
 
Claymore

ZenMasta said:
Thanks for the tip regarding boot cd's. I didn't think about that (well, not
the ubuntu ones). I've tried system restore/win xp before and ended up with
a hosed system once so I didn't want to go there.

Hello again,

Google "vundo removal" for the instructions to remove this trojan.

Luck!
 
