[Michelle]

OK, let's try to see if we can delete that file...be very careful with this!

go to Start > run - type cmd

Then type CD\Windows\system32

then type del hlpchh.dll

Let me know if your receive any error message. If it moves onto the next line with saying anything then it's good.

Michelle

[Advertisements]

access denied

[The Smooth Operator]

access denied

[Michelle]

This may be hidden so be sure you can view hidden files (instructions in previous post)
navigate to C:\windows\system32 and look for hlpchh.dll

Right click on the file, and if "read only" is checked, uncheck it and try deleting it.

Michelle

[The Smooth Operator]

it is there. properties says it is read-only. won't let me uncheck as access denied, or delete.

[Michelle]

Open Killbox and let's try killing on reboot again:

C:\Windows\System32\hlpchh.dll

Once you're rebooted go back to see if the file is gone.

Michelle

[The Smooth Operator]

stupid things still there; AVS popped up again after reboot and warned me again about that same hlpchh.dll file, talking about Trojan Backdoor.BA

[Michelle]

ok, we're going to try changing permissions on the file.

Reboot in safe mode, logon as Admin. Locate that file, right click on it, then click on the Security tab. It will list the users on your computer. Click on the admin, then put a checkmark on Full Control (under allow), apply then try to delete it. If that doesn't work try renaming it, but remember what you name it to!

Michelle

[The Smooth Operator]

OK Progress! Looks like its gone. Didn't actually have a list of anything in the securuty tab. Wouldn't let me change anything, or delete. I changed its name to hlpchh2.dll. And tried again, eventually, and went into the Advanced stuff in the Securuty Tab. Then I think went to Ownership: and chose Administrators and finally it let me click Apply. And I deleted no problem.

Going to go back and run CWS and Ad Aware again now. Hope thats what you want me to do.

[Michelle]

don't forget to run About:Buster! That's why we were spending so much time trying to delete that file!

[The Smooth Operator]

lol, yeah that one! DOH! Thanks.

[Michelle]

I'll be here when you get back!

Michelle

[The Smooth Operator]

okiedokie.
Ran CWS, nothing found again. Then ran About Buster in safe mode.
I ran 2 passes. pc switched off on both occasions, around 95% done. (Didn't get caught up Error Removing hlpchh.dll as we deleted that. However, on the second time, I watched the files flash past, and noticed it was something beginning with sh........... in my system32 folder. (in fact, seemed it was only scanning my system32 folder, what about my d: drive and everything else?)

I looked at my system32 folder, and theres about 15 or so files beginning with sh, want me to list them so we can find out which one might be causing it problems? there are a few .exe's, shadow.exe, shutdown.exe, share.exe.

on restarting in normal mode, TCMonitor alarmed me about HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Expected Data: kernelFaultCheck=%systemroot%\system32\dumprep 0 -k I just reset alarm and ignored it.

[Michelle]

Please run Activescan again and post the results log. Yay, doing this all over again You'll probably be tired of me by the time your system is clean Try running the scan on your whole computer this time and see if it will let you. If it gets stuck, then do what you did last time.

Michelle

[Michelle]

Also, please disable TC for now as it could interfere with cleaning your system!

Michelle

[The Smooth Operator]

ok