Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows/syswow64...can't find an appropriate solution


  • This topic is locked This topic is locked

#31
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,791 posts
Stay away from those sites + the file name is in all capitals makes a difference. I'm always Leary of hitman pro too.

Look here
https://www.virustot...8336c/analysis/

No Anti Virus scanners find it a problem, have to be careful deleting files from the wow folder

Up load your file fdclient .dll to virus total see what response you get.

https://www.virustotal.com/

Once the scan results appear, please provide them in your next reply, or copy and paste the Virustotal link(s) (URL) in your next reply
  • 0

Advertisements


#32
BrynnD17

BrynnD17

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

https://www.virustot...66ec1/analysis/


  • 0

#33
BrynnD17

BrynnD17

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

https://www.virustot...sis/1475622024/

 

I reanalyzed and got this! My results seem to be very different to those you posted.

 

BTW...what did you mean by filenames in all caps? I'm a bit lost there


  • 0

#34
BrynnD17

BrynnD17

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

https://www.virustot...sis/1475622024/


  • 0

#35
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,791 posts
The unhackme site has the file name in all caps
Remove "Ads by FDCLIENT.DLL" virus in 5 minutes!

The file we have is all lower case fdclient.dll


Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
2016-09-17 10:49 - 2016-09-07 13:39 - 00125440 _____ C:\WINDOWS\SysWOW64\fdclient.dll
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please do
  • 0

#36
BrynnD17

BrynnD17

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Okay, I get it. Thanks. I have to run. I'll be at work for the next 12 hours or so, so I'll only be able to check in later. Thanks

 

Here is the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-10-2016
Ran by USER (05-10-2016 07:37:26) Run:2
Running from C:\Users\USER\Desktop
Loaded Profiles: USER (Available Profiles: USER)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
2016-09-17 10:49 - 2016-09-07 13:39 - 00125440 _____ C:\WINDOWS\SysWOW64\fdclient.dll
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
C:\WINDOWS\SysWOW64\fdclient.dll => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 294545 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5412319 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 17057134 B
Edge => 0 B
Chrome => 131522324 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4096 B
NetworkService => 7758 B
USER => 21319126 B
 
RecycleBin => 16297 B
EmptyTemp: => 167.5 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 07:37:38 ====

  • 0

#37
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,791 posts
OK BrynnD17,

Talk later.

Joe
  • 0

#38
BrynnD17

BrynnD17

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Hi Joe,

 

I'm home - in case you have any more ideas.

 

Thanks a lot

 

Brynn


  • 0

#39
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,791 posts
How is the machine now?
  • 0

#40
BrynnD17

BrynnD17

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

The file seems to have gone. Machine seems fine, I think! Did you find any further info about the file? Thank you very much, Joe!


  • 0

Advertisements


#41
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,791 posts
Hello,

Use the machine for a few days see how things go.

I had Mixed results on that file fdclient.dll

The file seems to have gone.

I removed it in the last fix.

I based that decision on your Virus total report. Almost all the most commonly used Anti Virus programs are calling malware. I have also seen the file removed by automated tools such as combofix, and the fact that this file was installed on 9/17/2016 around the time other malware was installed was used in my decision to remove it.

Post back in a few days, let me know how things are.

Thanks
Joe
  • 0

#42
BrynnD17

BrynnD17

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Okay. Thanks Joe. Only thing I've noticed so far is that my Windows 10 start button didn't work...had to right click on it to shut down. Not sure if it's related. I'll see how things go. Thanks for all your help.
  • 0

#43
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,791 posts
Give this a try.................................

Right click at Start button > select Command Prompt (Admin) > type powershell > press Enter > wait a bit until you see....
PS C:\windows\system32>

At the flashing prompt, copy and paste this( please use Copy and paste to avoid typo) ............

Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

> press Enter.

Ignore any error in red.

When finished, try Start button again.
  • 0

#44
BrynnD17

BrynnD17

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Hi Joe,

 

Start button randomly worked again...should I still do this?

 

Thanks


  • 0

#45
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,791 posts
No, see how the start button continues to behave. You have tried rebooting correct ? If the start button completely stops working then apply the instruction in post #43,

Joe
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP