Virus can't be removed!

Chuck Davis

Trying to remove viruses and other junk from a Club member's computer. I
have executed just about every virus, malware, adware removal program that I
can find.
The member bought the computer years ago, but never activated the Norton
products. Never updated Windows, never... oh! never mind!

To prevent access to the Internet by the malware programs, I downloaded and
installed the COMODO Firewall.
Ad-aware removed 51 malware programs.

Downloaded and installed AVG Anti-virus which found 65 viruses and healed
63, but cannot heal or quarantine this item.
Trendmicro's online scan gets to the file and aborts.

It is found at: c:\WINDOWS\SYSTEM32\hlpl.dll

I have attempted to simply delete it. The response is that "Access denied...
may be 'Read Only'"
I start up in Safe Mode, same results. Then I attempted to turn off the Read
Only access to the SYSTEM32 folder, seemed to work for a few files, but then
stopped at that particular .dll file with the "Access denied..." message.
I have started in Safe Mode With Command Prompt. Still can't delete the
file!

At this point, I installed Service Pack 2 and the 65 critical updates since
SP2 was issued. Installed IE7. Ran Windows Live OneCare which found several
additional viruses, but couldn't resolve this issue.

All of this for a $20 donation that the member will donate to the club!

Any thoughts? How can I delete the .dll?
 
Frankster

Chuck Davis said:
Trying to remove viruses and other junk from a Club member's computer. I
have executed just about every virus, malware, adware removal program that
I can find.
The member bought the computer years ago, but never activated the Norton
products. Never updated Windows, never... oh! never mind!

To prevent access to the Internet by the malware programs, I downloaded
and installed the COMODO Firewall.
Ad-aware removed 51 malware programs.

Downloaded and installed AVG Anti-virus which found 65 viruses and healed
63, but cannot heal or quarantine this item.
Trendmicro's online scan gets to the file and aborts.

It is found at: c:\WINDOWS\SYSTEM32\hlpl.dll

I have attempted to simply delete it. The response is that "Access
denied... may be 'Read Only'"
I start up in Safe Mode, same results. Then I attempted to turn off the
Read Only access to the SYSTEM32 folder, seemed to work for a few files,
but then stopped at that particular .dll file with the "Access denied..."
message.
I have started in Safe Mode With Command Prompt. Still can't delete the
file!

At this point, I installed Service Pack 2 and the 65 critical updates
since SP2 was issued. Installed IE7. Ran Windows Live OneCare which found
several additional viruses, but couldn't resolve this issue.

All of this for a $20 donation that the member will donate to the club!

Any thoughts? How can I delete the .dll?

I'll tell you for $20! LOL! Just kidding!

You might try booting from any one of numerous CD boot programs that allow
access to NTFS partitions (I assume it's NTFS, whatever...) and delete it
from the command line. Usually, if you have not booted from the drive, you
can delete anything on it.

-Frank
 
David H. Lipman

From: "Chuck Davis" <newsgroup at anthemwebs dot com>

| Trying to remove viruses and other junk from a Club member's computer. I
| have executed just about every virus, malware, adware removal program that I
| can find.
| The member bought the computer years ago, but never activated the Norton
| products. Never updated Windows, never... oh! never mind!
|
| To prevent access to the Internet by the malware programs, I downloaded and
| installed the COMODO Firewall.
| Ad-aware removed 51 malware programs.
|
| Downloaded and installed AVG Anti-virus which found 65 viruses and healed
| 63, but cannot heal or quarantine this item.
| Trendmicro's online scan gets to the file and aborts.
|
| It is found at: c:\WINDOWS\SYSTEM32\hlpl.dll
|
| I have attempted to simply delete it. The response is that "Access denied...
| may be 'Read Only'"
| I start up in Safe Mode, same results. Then I attempted to turn off the Read
| Only access to the SYSTEM32 folder, seemed to work for a few files, but then
| stopped at that particular .dll file with the "Access denied..." message.
| I have started in Safe Mode With Command Prompt. Still can't delete the
| file!
|
| At this point, I installed Service Pack 2 and the 65 critical updates since
| SP2 was issued. Installed IE7. Ran Windows Live OneCare which found several
| additional viruses, but couldn't resolve this issue.
|
| All of this for a $20 donation that the member will donate to the club!
|
| Any thoughts? How can I delete the .dll?
|

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

c:\WINDOWS\SYSTEM32\hlpl.dll may be a Conhook Trojan and can be difficult to remove.

I want you to know, OneCare is just plain junk. It has the worst catch rate in the anti
virus industry. Additionally it is contraindicated to have TWO fully installed anti virus
products on a PC. In this case, AVG and OneCare.

If you are going to use an anti virus application, AVG is better than OneCare and OneCare
should be removed. However, if you *must* use a free AV application then I suggest AntiVir
which is better than AVG.

The person should PAY for anti virus and Kaspersky or NOD32 are suggested.

I don't know what anti malware utilities you have used.
Please download, install and update the following software...

* SuperAntiSpyware
http://www.superantispyware.com/superantispywarefreevspro.html

After the software is updated, I suggest scanning the system in Safe Mode.


* Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
 
Ronnie Vernon MVP

Chuck

With a system that has suffered an infection by so many viruses, that extensively, you would be better served to simply reformat the drive and reinstall everything from scratch. You will just never be absolutely sure that everything has been cleaned.
 
Guest

Ronnie Vernon MVP said:
Chuck

With a system that has suffered an infection by so many viruses, that extensively, you would be better served to simply reformat the drive and reinstall everything from scratch. You will just never be absolutely sure that everything has been cleaned.

--

Ronnie Vernon
Microsoft MVP
Windows Shell/User

You never know. The person that got the malicious program in the first place
may have had their IP tracked, so if you reformat, then activate the XP
firewall and search for updates, and install antivirus, antispyware, and
firewall programs.
 
David H. Lipman

From: "William" <[email protected]>


| You never know. The person that got the malicious program in the first place
| may have had their IP tracked, so if you reformat, then activate the XP
| firewall and search for updates, and install antivirus, antispyware, and
| firewall programs.

So ? What's the point ?

The IP means nothing.

Here's my IP -- 68.160.108.245
Have phun.
 
Ted

"Chuck Davis" <newsgroup at anthemwebs dot com> wrote in message
Trying to remove viruses and other junk from a Club member's computer. I
have executed just about every virus, malware, adware removal program that I
can find.
The member bought the computer years ago, but never activated the Norton
products. Never updated Windows, never... oh! never mind!

[snip]....

You might try MoveOnBoot before you have to reformat.

http://www.snapfiles.com/get/moveonboot.html

Ted
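
Added example, not part of Ted's post and not MoveOnBoot's own code: Windows itself can queue a delete for the next boot through the documented `MoveFileEx` API with `MOVEFILE_DELAY_UNTIL_REBOOT`, which is sketched here in PowerShell. It assumes an elevated PowerShell 2.0 or later session and uses the file path reported in the thread; whether MoveOnBoot works the same way internally is not stated on this page.

```powershell
# Added example: queue a locked file for deletion at the next boot.
# Assumptions: elevated PowerShell 2.0+ session; path taken from the thread.
param([string]$Target = 'C:\WINDOWS\SYSTEM32\hlpl.dll')

# 1. List processes that have the DLL loaded. A mapped image is one common
#    reason a delete returns "Access denied" regardless of file attributes.
Get-Process | Where-Object {
    try { $_.Modules | Where-Object { $_.FileName -eq $Target } } catch { $false }
} | Select-Object Id, ProcessName | Format-Table -AutoSize

# 2. Record a hash so the sample can still be identified after removal.
try {
    $fs = [IO.File]::Open($Target, 'Open', 'Read', 'ReadWrite')
    $sha = [Security.Cryptography.SHA256]::Create()
    'SHA256 ' + ([BitConverter]::ToString($sha.ComputeHash($fs)) -replace '-', '')
    $fs.Close()
} catch { Write-Warning "Could not read ${Target}: $_" }

# 3. P/Invoke MoveFileEx. lpNewFileName is declared as IntPtr because
#    PowerShell turns $null into "" for string parameters, and the API needs
#    a real NULL to mean "delete" rather than "rename".
$sig = @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string existing, IntPtr newName, int flags);
'@
$k32 = Add-Type -MemberDefinition $sig -Name NativeMove -Namespace Win32 -PassThru

$MOVEFILE_DELAY_UNTIL_REBOOT = 0x4
$ok  = $k32::MoveFileEx($Target, [IntPtr]::Zero, $MOVEFILE_DELAY_UNTIL_REBOOT)
$err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
if (-not $ok) { throw "MoveFileEx failed with Win32 error $err" }

# 4. Confirm the request was queued. A delete appears as the \??\ path
#    followed by an empty string in this REG_MULTI_SZ value.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
(Get-ItemProperty -Path $key).PendingFileRenameOperations
```

If the file is back after the reboot, something else on the system is restoring it, and the boot-CD deletion or the reformat suggested elsewhere in the thread is the next step.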
 
Guest

Ted said:
"Chuck Davis" <newsgroup at anthemwebs dot com> wrote in message
Trying to remove viruses and other junk from a Club member's computer. I
have executed just about every virus, malware, adware removal program that I
can find.
The member bought the computer years ago, but never activated the Norton
products. Never updated Windows, never... oh! never mind!

[snip]....

You might try MoveOnBoot before you have to reformat.

http://www.snapfiles.com/get/moveonboot.html

Ted

David, if the IP is tracked, things can happen. You never know. They may run
a port scanner on your IP and when they find an open port, they'll just
reinstall the malicious software.
 
David H. Lipman

From: "William" <[email protected]>

| the IP is tracked, things can happen. You never know. They may run
| a port scanner on your IP and when they find an open port, they'll just
| reinstall the malicious software.

You replied to Ted... Not me.

Since I have a Linksys Router and it adds a level of security, they can port scan me to
their heart's desire :)
 
