compstu.dll

  • Thread starter Thread starter Max
  • Start date Start date
M

Max

Have 2 identical PCs with Win XP Home SP2. One has a file in
C:\windows\system32 named compstu.dll, the other does not. This file is
corrupted by a trojan. Have tried to delete this file by going into Safe
Mode but it will not delete. The message says it is either in use or write
protected.

What can I do now?

Thanks in advance.
 
Max said:
Have 2 identical PCs with Win XP Home SP2. One has a file in
C:\windows\system32 named compstu.dll, the other does not. This file is
corrupted by a trojan. Have tried to delete this file by going into Safe
Mode but it will not delete. The message says it is either in use or write
protected.

What can I do now?

Thanks in advance.

It is a BHO.DL installaed itself in the system Root and given itself an
Admin privileges and write protected file, but it can be changed through the
security Tab on that File properties!.

If you will go to this Key you will find it running itself and Admin:
[-]HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa = in the right
pane you will see entry like this os so:

Msv0_1 "C:\Windows\System32\compstu.dll"
The above should be Msv0_1 the reset is not there, it been added by the
Trojans/Worm.

and
CurrentControlSet01
CurrentControlSet02

Go through these Cleaning steps:
1... First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:

SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
RootkitRevealer v1.71
By Bryce Cogswell and Mark Russinovich
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx


Run a scan from here off-line scanner:
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html


2- Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
http://www.merijn.org/index.php
When all else fails, HijackThis v2.0.2
(http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis) is
the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
Let us know how it is going.
nass
 
nass,
Thanks for the info. Found C:\windows\system32\compstu.dll in the registry
in 2 places as data and deleted it. Went thru all your cleaning steps.
Restarted the PC and found 1) the data returned to the registry, and 2) still
could not delete the file compstu.dll. How can I get rid of this file? Am
at the last straw - please help.
Max

nass said:
Max said:
Have 2 identical PCs with Win XP Home SP2. One has a file in
C:\windows\system32 named compstu.dll, the other does not. This file is
corrupted by a trojan. Have tried to delete this file by going into Safe
Mode but it will not delete. The message says it is either in use or write
protected.

What can I do now?

Thanks in advance.

It is a BHO.DL installaed itself in the system Root and given itself an
Admin privileges and write protected file, but it can be changed through the
security Tab on that File properties!.

If you will go to this Key you will find it running itself and Admin:
[-]HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa = in the right
pane you will see entry like this os so:

Msv0_1 "C:\Windows\System32\compstu.dll"
The above should be Msv0_1 the reset is not there, it been added by the
Trojans/Worm.

and
CurrentControlSet01
CurrentControlSet02

Go through these Cleaning steps:
1... First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:

SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
RootkitRevealer v1.71
By Bryce Cogswell and Mark Russinovich
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx


Run a scan from here off-line scanner:
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html


2- Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
http://www.merijn.org/index.php
When all else fails, HijackThis v2.0.2
(http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis) is
the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
Let us know how it is going.
nass
 
Hi Max,
Yes, it will come back again as it been write protected, my advice to you
try to run the Hijackthis and send the log to one of many forums and please
can you send me one at here:
to_you_rossatyahoo.co.uk for more help, if you wish.
This a Vundo variants by the looks of it, and can be nasty piece of Viral
infection to rid of, be prepared and backup your Data on Removable Storage.
HTH.
nass
---
http://www.nasstec.co.uk

Max said:
nass,
Thanks for the info. Found C:\windows\system32\compstu.dll in the registry
in 2 places as data and deleted it. Went thru all your cleaning steps.
Restarted the PC and found 1) the data returned to the registry, and 2) still
could not delete the file compstu.dll. How can I get rid of this file? Am
at the last straw - please help.
Max

nass said:
Max said:
Have 2 identical PCs with Win XP Home SP2. One has a file in
C:\windows\system32 named compstu.dll, the other does not. This file is
corrupted by a trojan. Have tried to delete this file by going into Safe
Mode but it will not delete. The message says it is either in use or write
protected.

What can I do now?

Thanks in advance.

It is a BHO.DL installaed itself in the system Root and given itself an
Admin privileges and write protected file, but it can be changed through the
security Tab on that File properties!.

If you will go to this Key you will find it running itself and Admin:
[-]HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa = in the right
pane you will see entry like this os so:

Msv0_1 "C:\Windows\System32\compstu.dll"
The above should be Msv0_1 the reset is not there, it been added by the
Trojans/Worm.

and
CurrentControlSet01
CurrentControlSet02

Go through these Cleaning steps:
1... First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:

SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
RootkitRevealer v1.71
By Bryce Cogswell and Mark Russinovich
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx


Run a scan from here off-line scanner:
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html


2- Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
http://www.merijn.org/index.php
When all else fails, HijackThis v2.0.2
(http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis) is
the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
Let us know how it is going.
nass
 
I wrote this guide after I discovered a faster and easier way to delete this file.
The guide can be found here:

http://www.retro-zone.org/support_pc_windows_compstu.dll.html



Ma wrote:

compstu.dll
26-Dec-07

Have 2 identical PCs with Win XP Home SP2. One has a file in
C:\windows\system32 named compstu.dll, the other does not. This file is
corrupted by a trojan. Have tried to delete this file by going into Safe
Mode but it will not delete. The message says it is either in use or write
protected

What can I do now

Thanks in advance.

Previous Posts In This Thread:

compstu.dll
Have 2 identical PCs with Win XP Home SP2. One has a file in
C:\windows\system32 named compstu.dll, the other does not. This file is
corrupted by a trojan. Have tried to delete this file by going into Safe
Mode but it will not delete. The message says it is either in use or write
protected

What can I do now

Thanks in advance.

RE: compstu.dll

It is a BHO.DL installaed itself in the system Root and given itself an
Admin privileges and write protected file, but it can be changed through the
security Tab on that File properties!

If you will go to this Key you will find it running itself and Admin
[-]HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa = in the right
pane you will see entry like this os so

Msv0_1 "C:\Windows\System32\compstu.dll
The above should be Msv0_1 the reset is not there, it been added by the
Trojans/Worm

an
CurrentControlSet0
CurrentControlSet02

Go through these Cleaning steps
1... First, try to clean up your caches, Internet files and delete cookie
by doing this
Click Start >> Control Panel >> Double click Network and Interne
Connections >> Double click Internet Options
On the IE properties windows you will see these Tabs
General | Security | Privacy | Content | Connections | Programs
Advance
Under General Tab clear your History, Internet Files and Cookies
Then click on Advanced tab and scroll down to under the Browsing Option
[&] Browsin
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box
Then click on Programs Tab and click Manage Add-Ons and Disable all no
Verified Add-Ons (You should Renable them later one-by-one and see th
culprit and update it or remove it
How to manage Add-Ons
http://support.microsoft.com/kb/88325
Scan for malware from here

SuperAntispyware - Fre
http://www.superantispyware.com/superantispywarefreevspro.htm
RootkitRevealer v1.7
By Bryce Cogswell and Mark Russinovic
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.msp

Run a scan from here off-line scanner
Download Avast Cleaner (offline scanner) from here
http://www.avast.com/eng/avast-virus-cleaner.htm

2- Download the Hijackthis and send the report to one of man
forums for analysis and troubleshooting
http://www.merijn.org/index.ph
When all else fails, HijackThis v2.0.
(http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis) i
the preferred tool to use
It will help you to both identify and remove any hijackware/spyware. Pos
your log to http://aumha.net/viewforum.php?f=30
http://castlecops.com/forum67.html
http://forums.subratam.org/index.php?showforum=7, or other appropriat
forums for expert analysis, not here.
Let us know how it is going
nas
---
http://www.nasstec.co.uk

RE: compstu.dll
nass
Thanks for the info. Found C:\windows\system32\compstu.dll in the registry
in 2 places as data and deleted it. Went thru all your cleaning steps.
Restarted the PC and found 1) the data returned to the registry, and 2) still
could not delete the file compstu.dll. How can I get rid of this file? Am
at the last straw - please help
Ma

:

Hi Max,Yes, it will come back again as it been write protected, my advice to
Hi Max
Yes, it will come back again as it been write protected, my advice to you
try to run the Hijackthis and send the log to one of many forums and please
can you send me one at here:
to_you_rossatyahoo.co.uk for more help, if you wish.
This a Vundo variants by the looks of it, and can be nasty piece of Viral
infection to rid of, be prepared and backup your Data on Removable Storage.
HTH.
nass
---
http://www.nasstec.co.uk

:


Submitted via EggHeadCafe - Software Developer Portal of Choice
WPF Binding Beyond the Limitation of Name Scopes
http://www.eggheadcafe.com/tutorial...f-49faac8854c8/wpf-binding-beyond-the-li.aspx
 
Back
Top