Virus issue, High risk

  • Thread starter: Illusion

Illusion

Need any help I can get to remove ddcDwwwW.dll, which in turn contacts some web
server and downloads several other virus files..
Tried to remove it before the internet was turned on but no luck.
Got some files which it downloads as soon as the internet is there, but simply
can't remove that host file..
It slows down internet speed by 98% so online scanners can't reach it in time
before it activates another entry for it..
And same with the virus program, since it is in the temp dir I tried to
only scan that dir but same result..
When the scan was done after 5 sec for the temp dir, the file had made 112 new
entries linked to the file so it could not be removed..
Every time you try to simply delete it, it makes some other crappy entry and
resets..
Virus program ref to utlrexue.dll and lvlpdtev.dll

 
Cleaning a Compromised System
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

After reformatting your hard drive and reinstalling your operating system,
consider installing a good antivirus program, such as Windows OneCare.
You can try it absolutely FREE for 90 days.
http://onecare.live.com/standard/en-us/default.htm


--
Carey Frisch
Microsoft MVP
Windows Desktop Experience -
Windows System & Performance

 
Illusion said:
Need any help I can get to remove ddcDwwwW.dll, which in turn contacts some
web server and downloads several other virus files..
Tried to remove it before the internet was turned on but no luck.
Got some files which it downloads as soon as the internet is there, but simply
can't remove that host file..
It slows down internet speed by 98% so online scanners can't reach it in
time before it activates another entry for it..
And same with the virus program, since it is in the temp dir I tried to
only scan that dir but same result..
When the scan was done after 5 sec for the temp dir, the file had made 112 new
entries linked to the file so it could not be removed..
Every time you try to simply delete it, it makes some other crappy entry
and resets..
Virus program ref to utlrexue.dll and lvlpdtev.dll

Googling for those names brings up nothing, but this is not surprising since
it is common for viruses/malware to name their files randomly. It does make
it difficult to give you pinpointed removal steps, however. You should go
through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to do
all scans in Safe Mode. Please see the special Notes regarding using
Multi_AV in Vista.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://tinyurl.com/yoeru3 - download link and more instructions

You can also check to see if there are targeted removal steps for your
malware here:
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, get guided help. Choose one of the specialty forums
listed at the first link. Register and read its posting FAQ. You will
generally be asked to:

1. Download and execute HiJack This! (HJT) -
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

2. Disable Notepad's word wrap - In Notepad.exe; Format --> uncheck; "Word
wrap"

3. Download/run Deckard's System Scanner -
http://www.techsupportforum.com/sectools/Deckard/dss.exe

4. Save the scan results (Main.txt and Extra.txt)

5. And then post the contents of Main.txt and Extra.txt in your post at the
forum you chose. DO NOT POST LOGS IN THE MS NEWSGROUPS.

Standard disclaimer: I can't see and test your computer myself, so these are
just suggestions based on many years of being a professional computer tech;
suggestions based on what you've written. You should not take my
suggestions as a definitive diagnosis. If you can't do the work yourself
(and there is no shame in admitting this isn't your cup of tea), take the
machine to a professional computer repair shop (not your local equivalent
of BigComputerStore/GeekSquad). Please be aware that not all local shops
are skilled at removing malware and even if they are, your computer may be
so infested that Windows will need to be clean-installed. If possible, have
all your data backed up before you take the machine into a shop.

Malke
 
Got a license for a good AV already but it got right through anyhow.. (!?)
Standard Vista tools such as Defender didn't even see it coming either..
Defender doesn't even see it now when it's infected *lol* after a full scan.
It comes up with the last 2 files in my first post but misses the main one, which is
the issue here.
Formatting the drive is an option, sure, but not something I'm considering since my
thread is about removing this file..
Reason: so you could keep your current data, which is not all on backup tape, and
can't really tell if the last tape is infected too.
Formatting will only save you some painkillers but in the end you have 1 work
day of data gone..

Got some ideas from another forum which I'm going to try out before I jump in and
format, so let's see where it goes..
 
You could try this way.
Go into Safe Mode with Networking, or just plain Safe Mode by tapping F8 at
Startup, and selecting it from the list.

Run your virus scan from in there.

If that fails, go back to your Dynamic desktop, and uninstall your
anti-virus, and install what I have listed below, Avast.

Also, install the anti-spyware programs below. You can also run Spybot S&D in
Safe Mode.

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039

Above is the link for Norton Removal Tool; if using Norton.

Vista’s Firewall is very good!

http://www.avast.com/eng/download-avast-home.html

Above is a link to Avast Free 4 Home Anti-Virus
It is low resource using, free and Vista 32bit and 64bit compatible.
Only have one (1) anti-virus installed; more than 1 can cause conflicts.

http://www.safer-networking.org/en/index.html

For Spyware removal, use the above link to “Spybot Search & Destroy 1.5.2”.
Download it, install it, update it, immunize your system and scan your
System with it.

http://www.javacoolsoftware.com/

For a non-scanning, but running in the background, Program to STOP Spyware
being downloaded to your Computer, use SpywareBlaster 4, available at the
above link.

IMPORTANT ADVICE: After scanning with the above Programs, problems still
remain.

Reboot computer, and tap F8 at power on/ startup. From the list of options
that appears, select Safe mode by using the UP and DOWN Arrows, then hit
ENTER.

Rescan the computer in Safe mode.
 
Thanks a lot.

Took me less than 60 min to get hold of a fix, with some help from "your" post,
so thanks a lot =)
Got the day's data saved and formatting in progress.. (just in case)
Was a little worried there for some time since I've been trying to figure this
out for the last 7h.
Finally time to get some Zzz..
 