Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Dr. Watson I presume [resolved]


  • This topic is locked This topic is locked

#31
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
OK, let's try to see if we can delete that file...be very careful with this!

go to Start > run - type cmd

Then type CD\Windows\system32

then type del hlpchh.dll

Let me know if your receive any error message. If it moves onto the next line with saying anything then it's good.

Michelle :tazz:
  • 0

Advertisements


#32
The Smooth Operator

The Smooth Operator

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
access denied
  • 0

#33
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
This may be hidden so be sure you can view hidden files (instructions in previous post)
navigate to C:\windows\system32 and look for hlpchh.dll

Right click on the file, and if "read only" is checked, uncheck it and try deleting it.

Michelle
  • 0

#34
The Smooth Operator

The Smooth Operator

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
it is there. properties says it is read-only. won't let me uncheck as access denied, or delete.
  • 0

#35
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Open Killbox and let's try killing on reboot again:

C:\Windows\System32\hlpchh.dll

Once you're rebooted go back to see if the file is gone.

Michelle :tazz:
  • 0

#36
The Smooth Operator

The Smooth Operator

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
stupid things still there; AVS popped up again after reboot and warned me again about that same hlpchh.dll file, talking about Trojan Backdoor.BA
  • 0

#37
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
ok, we're going to try changing permissions on the file.

Reboot in safe mode, logon as Admin. Locate that file, right click on it, then click on the Security tab. It will list the users on your computer. Click on the admin, then put a checkmark on Full Control (under allow), apply then try to delete it. If that doesn't work try renaming it, but remember what you name it to!

Michelle :tazz:
  • 0

#38
The Smooth Operator

The Smooth Operator

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
OK Progress! Looks like its gone. Didn't actually have a list of anything in the securuty tab. Wouldn't let me change anything, or delete. I changed its name to hlpchh2.dll. And tried again, eventually, and went into the Advanced stuff in the Securuty Tab. Then I think went to Ownership: and chose Administrators and finally it let me click Apply. And I deleted no problem.

Going to go back and run CWS and Ad Aware again now. Hope thats what you want me to do.
  • 0

#39
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
don't forget to run About:Buster! That's why we were spending so much time trying to delete that file! :tazz:
  • 0

#40
The Smooth Operator

The Smooth Operator

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
lol, yeah that one! DOH! Thanks.
  • 0

Advertisements


#41
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
:tazz:

I'll be here when you get back!

Michelle
  • 0

#42
The Smooth Operator

The Smooth Operator

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
okiedokie.
Ran CWS, nothing found again. Then ran About Buster in safe mode.
I ran 2 passes. pc switched off on both occasions, around 95% done. (Didn't get caught up Error Removing hlpchh.dll as we deleted that. However, on the second time, I watched the files flash past, and noticed it was something beginning with sh........... in my system32 folder. (in fact, seemed it was only scanning my system32 folder, what about my d: drive and everything else?)

I looked at my system32 folder, and theres about 15 or so files beginning with sh, want me to list them so we can find out which one might be causing it problems? there are a few .exe's, shadow.exe, shutdown.exe, share.exe.

on restarting in normal mode, TCMonitor alarmed me about HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Expected Data: kernelFaultCheck=%systemroot%\system32\dumprep 0 -k I just reset alarm and ignored it.
  • 0

#43
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Please run Activescan again and post the results log. Yay, doing this all over again :tazz: You'll probably be tired of me by the time your system is clean ;) Try running the scan on your whole computer this time and see if it will let you. If it gets stuck, then do what you did last time.

Michelle ;)
  • 0

#44
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Also, please disable TC for now as it could interfere with cleaning your system!

Michelle
  • 0

#45
The Smooth Operator

The Smooth Operator

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
ok :tazz:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP