
can't delete win.dll [RESOLVED]



#46
rmprudente

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Here are the results from the online scan.

#1 File: IfMegaWbr.dll
Status: INFECTED/MALWARE
MD5: bed3fa13893350ecac5fc6cb28728121
Packers detected: UPX
Scanner results:
AntiVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found Trojan-Dropper.Win32.Small.xm
mks_vir: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
VBA32: Found Adware.ShopAtHome.30 (probable variant)


#2 File: in8PwrScrMs1086.dll
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)
MD5: 895575b1d2e73aa025b9cac6cd2cabf4
Packers detected: UPX
Scanner results:
AntiVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
mks_vir: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
VBA32: Found Adware.ShopAtHome.30 (probable variant)

#3 File: intronsad.exe
Status: INFECTED/MALWARE (Note: only non-destructive malware has been found. Considering the non-destructive nature of samples like these - although they can be a pain -, results will not be stored in the database.)
MD5: dcc4e1f3b1aeae0eecbb8a2bd149b261
Packers detected: UPX
Scanner results:
AntiVir: Found TR/Dldr.1296
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found Trojan.DownLoader.1296
ClamAV: Found Trojan.Downloader.Small-297
Dr.Web: Found Trojan.DownLoader.1296
F-Prot Antivirus: Found nothing
Fortinet: Found Adware/Isearch
Kaspersky Anti-Virus: Found not-a-virus:AdWare.ToolBar.ISearch.d
mks_vir: Found nothing
NOD32: Found nothing
Norman Virus Control: Found W32/Isearch.D
VBA32: Found AdWare.ToolBar.ISearch.d

#4 File: tct101.dll
Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.) (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 430670bda8f9f51a9093c39f0d2e2f54
Packers detected: UPX
Scanner results:
AntiVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
mks_vir: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
VBA32: Found nothing

#47
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Thank you. You can delete the ones that were detected as infected.

I would like to have a look at that last one myself.
Can you upload C:\WINDOWS\tct101.dll at the Uploads forum here: http://www.thespykil...forum/index.php
You don't have to register, just follow the instructions there and please mention my name in the topic title, so I know it's for me.

Thanks in advance,

#48
rmprudente

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
OK, I just ran Spybot, Spy Subtract, and a-squared, and the first two found a few of the usual suspects. Check out what a-squared found:

a² Report
Filename Diagnosis
C:\Documents and Settings\Administrator\Application Data\wtta.exe Adware.PurityScan.w
C:\Documents and Settings\Default User\Application Data\wtta.exe Adware.PurityScan.w
C:\Documents and Settings\Owner\Application Data\wtta.exe Adware.PurityScan.w
C:\HP\bin\Terminator.exe not-a-virus:RiskWare.Tool.KillApp
C:\Program Files\FileSubmit\Wild Turkeys\NNEZTA388.exe Adware.NewDotNet
C:\Program Files\FileSubmit\Wild Turkeys\TBEZA127Q.exe AdWare.ToolBar.Quick.a
C:\Program Files\HJT\backups\backup-20050415-140154-721.dll Trojan.Win32.Delf.cf
C:\Program Files\HJT\backups\backup-20050420-133713-359.dll AdWare.WinAD.ak
C:\RECYCLER\S-1-5-21-1920662691-2655185767-2361276793-500\Dc1.exe AdWare.Apropos.i
C:\WINDOWS\cxtpls_loader.exe Adware.Apropos.b
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\popcaploader.dll Dialer
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\YSBactivex.dll Trojan-Downloader.Win32.IstBar.gp
C:\WINDOWS\Downloaded Program Files\YSBactivex.dll Trojan-Downloader.Win32.IstBar.gk
C:\WINDOWS\installer_SIAC.exe Trojan-Downloader.Win32.Adload.a
C:\WINDOWS\internet.exe Trojan-Downloader.Win32.Small.adn
C:\WINDOWS\NDNuninstall6_38.exe AdWare.NewDotNet
C:\WINDOWS\system32\0a4.dll Trojan.Win32.Delf.cf
C:\WINDOWS\system32\config\systemprofile\Application Data\wtta.exe Adware.PurityScan.w
C:\WINDOWS\system32\MTC.dll Adware.ToolBar.Tubby.b
C:\WINDOWS\system32\vbsys2.dll Trojan-Clicker.Win32.Agent.ac

#49
rmprudente

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Just ran Norton and it actually found a virus. LOL, their virus definitions are getting somewhat better. Anyway, it found Trojan.ByteVerify in 2 files, Counter.class and Parser.class, and they were quarantined. Can I delete them?

#50
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Yes. You can also clear your cache. That would also get rid of any exploits you have that Norton doesn't detect. :tazz:
If you are using Java VM:
Close all browsers, Start > Settings > Control panel > Java Plugin [version number] > Choose Cache and click remove JAR Cache.

If you are using Microsoft's VM in IE, click Tools > Internet Options > Delete Files and checkmark the Offline content box.

~I never knew that Purityscan dropped so many copies of the file on a computer.~ ;)

Regards,

#51
rmprudente

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
;) Guess what?! Win.dll is finally gone. I was here about something else and remembered it so I checked for it. Don't know how, don't know when, but it's gone. :tazz: I'm thinkin it was just something new and took awhile for the antivirus/trojan/spyware/whatever to figure it out and add it to their updates. Who knows. Thanks for being so patient, that sucker drove me insane forever!

#52
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

Please do have a look at my site about removing and preventing spyware.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.