Virus issue, High risk

  • Thread starter Thread starter Illusion
  • Start date Start date
I

Illusion

Need any help i can get to remove ddcDwwwW.dll wich in turn contacts some web
server and downloads sevral other virus files..
Tryied to remove it before internet was turn on but no luck.
Got some files wich it downloads as soon as internet is there, but simply
cant remove that host file..
It slows down internet speed by 98% so online scanners cant reach it in time
before it activated another entry for it..
And same with the virus program, since it is in the temp dir i tryied to
only scan that dir but same result..
When the scan was done after 5 sec for temp dir the file had made 112 new
entrys linked to the file so it could not be removed..
Every time u tries to simply delete it it makes some other crappy entry and
resetts..
Virus program ref to utlrexue.dll and lvlpdtev.dll



Mail: Illusion_man79@hotmail.com
 
Cleaning a Compromised System
http://www.microsoft.com/technet/community...gmt/sm0504.mspx

After reformatting your hard drive and reinstalling your operating system,
consider installing a good antivirus program, such as Windows OneCare.
You can try it absolutely FREE for 90 days.
http://onecare.live.com/standard/en-us/default.htm


--
Carey Frisch
Microsoft MVP
Windows Desktop Experience -
Windows System & Performance

---------------------------------------------------------------

"Illusion" wrote:

Need any help i can get to remove ddcDwwwW.dll wich in turn contacts some web
server and downloads sevral other virus files..
Tryied to remove it before internet was turn on but no luck.
Got some files wich it downloads as soon as internet is there, but simply
cant remove that host file..
It slows down internet speed by 98% so online scanners cant reach it in time
before it activated another entry for it..
And same with the virus program, since it is in the temp dir i tryied to
only scan that dir but same result..
When the scan was done after 5 sec for temp dir the file had made 112 new
entrys linked to the file so it could not be removed..
Every time u tries to simply delete it it makes some other crappy entry and
resetts..
Virus program ref to utlrexue.dll and lvlpdtev.dll



Mail: Illusion_man79@hotmail.com
 
Illusion wrote:

> Need any help i can get to remove ddcDwwwW.dll wich in turn contacts some
> web server and downloads sevral other virus files..
> Tryied to remove it before internet was turn on but no luck.
> Got some files wich it downloads as soon as internet is there, but simply
> cant remove that host file..
> It slows down internet speed by 98% so online scanners cant reach it in
> time before it activated another entry for it..
> And same with the virus program, since it is in the temp dir i tryied to
> only scan that dir but same result..
> When the scan was done after 5 sec for temp dir the file had made 112 new
> entrys linked to the file so it could not be removed..
> Every time u tries to simply delete it it makes some other crappy entry
> and resetts..
> Virus program ref to utlrexue.dll and lvlpdtev.dll

Googling for those names brings up nothing, but this is not surprising since
it is common for viruses/malware to name their files randomly. It does make
it difficult to give you pinpointed removal steps, however. You should go
through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2....emoving_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to do
all scans in Safe Mode. Please see the special Notes regarding using
Multi_AV in Vista.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://tinyurl.com/yoeru3 - download link and more instructions

You can also check to see if there are targeted removal steps for your
malware here:
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, get guided help. Choose one of the specialty forums
listed at the first link. Register and read its posting FAQ. You will
generally be asked to:

1. Download and execute HiJack This! (HJT) -
http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

2. Disable Notepad's word wrap - In Notepad.exe Format --> uncheck "Word
wrap"

3. Download/run Deckard's System Scanner -
http://www.techsupportforum.com/sectools/Deckard/dss.exe

4. Save the scan results (Main.txt and Extra.txt)

5. And then post the contents of Main.txt and Extra.txt in your post at the
forum you chose. DO NOT POST LOGS IN THE MS NEWSGROUPS.

Standard disclaimer: I can't see and test your computer myself, so these are
just suggestions based on many years of being a professional computer tech
suggestions based on what you've written. You should not take my
suggestions as a definitive diagnosis. If you can't do the work yourself
(and there is no shame in admitting this isn't your cup of tea), take the
machine to a professional computer repair shop (not your local equivalent
of BigComputerStore/GeekSquad). Please be aware that not all local shops
are skilled at removing malware and even if they are, your computer may be
so infested that Windows will need to be clean-installed. If possible, have
all your data backed up before you take the machine into a shop.

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!
 
Got a license for a good av already but it got right throu anyhow.. (!?)
Standard Vista tools as defender didnt even see it coming either..
Defender dosnt even see it now when its infected *lol after a full scan.
It comes up to last 2 files in my first post but misses the main, wich is
the issue here.
Formatting the drive is an option sure but not some im considering since my
thread is about removing this file..
Reason : so u could keep ur current data wich not all in backup tape, and
cant rly tell if last tape is infected 2.
Formatting will only save u some painkillers but in the end u have 1 work
day in data gone..

Got some ideas from another forum wich i gonna try out before i jump in and
format, so lets see where it goes..






"Carey Frisch [MVP]" wrote:

> Cleaning a Compromised System
> http://www.microsoft.com/technet/community...gmt/sm0504.mspx
>
> After reformatting your hard drive and reinstalling your operating system,
> consider installing a good antivirus program, such as Windows OneCare.
> You can try it absolutely FREE for 90 days.
> http://onecare.live.com/standard/en-us/default.htm
>
>
> --
> Carey Frisch
> Microsoft MVP
> Windows Desktop Experience -
> Windows System & Performance
>
> ---------------------------------------------------------------
>
> "Illusion" wrote:
>
> Need any help i can get to remove ddcDwwwW.dll wich in turn contacts some web
> server and downloads sevral other virus files..
> Tryied to remove it before internet was turn on but no luck.
> Got some files wich it downloads as soon as internet is there, but simply
> cant remove that host file..
> It slows down internet speed by 98% so online scanners cant reach it in time
> before it activated another entry for it..
> And same with the virus program, since it is in the temp dir i tryied to
> only scan that dir but same result..
> When the scan was done after 5 sec for temp dir the file had made 112 new
> entrys linked to the file so it could not be removed..
> Every time u tries to simply delete it it makes some other crappy entry and
> resetts..
> Virus program ref to utlrexue.dll and lvlpdtev.dll
>
>
>
> Mail: Illusion_man79@hotmail.com
>
 
You could try this way.
Go into Safe Mode with Networking, or just plain Safe Mode by tapping F8 at
Startup, and selecting it from the list.

Run your virus scan from in there.

If that fails, go back to your Dymanic desktop, and uninstall your
anti-virus, and install what I have listed below, Avast.

Also, install anti-spyware programs below. you can also run spybot S&D in
Safe mode.

http://service1.symantec.com/SUPPORT/tsgen...005033108162039

Above is the link for Norton Removal Tool if using Norton.

Vista’s Firewall is very good!

http://www.avast.com/eng/download-avast-home.html

Above is a link to Avast Free 4 Home Anti-Virus
It is low resource using, free and Vista 32bit and 64bit compatible.
Only have one (1) anti-virus installed more than 1 can cause conflicts.

http://www.safer-networking.org/en/index.html

For Spyware removal, use the above link to “Spybot Search & Destroy 1.5.2â€Â
Download it, install it, update it, immunize your system and scan your
System with it.

http://www.javacoolsoftware.com/

For a non-scanning, but running in the background, Program to STOP Spyware
being downloaded to your Computer, use SpywareBlaster 4, available at the
above link.

IMPORTANT ADVICE: After scanning with the above Programs, problems still
remain.

Reboot computer, and tap F8 at power on/ startup. From the list of options
that appears, select Safe mode by using the UP and DOWN Arrows, then hit
ENTER.

Rescan the computer in Safe mode.

--
Mick Murphy - Qld - Australia


"Illusion" wrote:

> Need any help i can get to remove ddcDwwwW.dll wich in turn contacts some web
> server and downloads sevral other virus files..
> Tryied to remove it before internet was turn on but no luck.
> Got some files wich it downloads as soon as internet is there, but simply
> cant remove that host file..
> It slows down internet speed by 98% so online scanners cant reach it in time
> before it activated another entry for it..
> And same with the virus program, since it is in the temp dir i tryied to
> only scan that dir but same result..
> When the scan was done after 5 sec for temp dir the file had made 112 new
> entrys linked to the file so it could not be removed..
> Every time u tries to simply delete it it makes some other crappy entry and
> resetts..
> Virus program ref to utlrexue.dll and lvlpdtev.dll
>
>
>
> Mail: Illusion_man79@hotmail.com
 
Tnx alot.

Took me less then 60 min to get a hold of a fix, with some help of "ur" post
so tnx alot =)
Got the days data saved and formatting in progress.. (just in case)
Was little worried there for some time since ive been trying to figure this
out for the last 7h.
Finaly time to get some Zzz..




"Malke" wrote:

> Illusion wrote:
>
> > Need any help i can get to remove ddcDwwwW.dll wich in turn contacts some
> > web server and downloads sevral other virus files..
> > Tryied to remove it before internet was turn on but no luck.
> > Got some files wich it downloads as soon as internet is there, but simply
> > cant remove that host file..
> > It slows down internet speed by 98% so online scanners cant reach it in
> > time before it activated another entry for it..
> > And same with the virus program, since it is in the temp dir i tryied to
> > only scan that dir but same result..
> > When the scan was done after 5 sec for temp dir the file had made 112 new
> > entrys linked to the file so it could not be removed..
> > Every time u tries to simply delete it it makes some other crappy entry
> > and resetts..
> > Virus program ref to utlrexue.dll and lvlpdtev.dll
>
> Googling for those names brings up nothing, but this is not surprising since
> it is common for viruses/malware to name their files randomly. It does make
> it difficult to give you pinpointed removal steps, however. You should go
> through these general malware removal steps systematically -
> http://www.elephantboycomputers.com/page2....emoving_Malware
>
> Include scanning with David Lipman's Multi_AV and follow instructions to do
> all scans in Safe Mode. Please see the special Notes regarding using
> Multi_AV in Vista.
>
> http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
> http://tinyurl.com/yoeru3 - download link and more instructions
>
> You can also check to see if there are targeted removal steps for your
> malware here:
> Bleeping Computer removal how-to's -
> http://www.bleepingcomputer.com/forums/forum55.html
>
> When all else fails, get guided help. Choose one of the specialty forums
> listed at the first link. Register and read its posting FAQ. You will
> generally be asked to:
>
> 1. Download and execute HiJack This! (HJT) -
> http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe
>
> 2. Disable Notepad's word wrap - In Notepad.exe Format --> uncheck "Word
> wrap"
>
> 3. Download/run Deckard's System Scanner -
> http://www.techsupportforum.com/sectools/Deckard/dss.exe
>
> 4. Save the scan results (Main.txt and Extra.txt)
>
> 5. And then post the contents of Main.txt and Extra.txt in your post at the
> forum you chose. DO NOT POST LOGS IN THE MS NEWSGROUPS.
>
> Standard disclaimer: I can't see and test your computer myself, so these are
> just suggestions based on many years of being a professional computer tech
> suggestions based on what you've written. You should not take my
> suggestions as a definitive diagnosis. If you can't do the work yourself
> (and there is no shame in admitting this isn't your cup of tea), take the
> machine to a professional computer repair shop (not your local equivalent
> of BigComputerStore/GeekSquad). Please be aware that not all local shops
> are skilled at removing malware and even if they are, your computer may be
> so infested that Windows will need to be clean-installed. If possible, have
> all your data backed up before you take the machine into a shop.
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers
> www.elephantboycomputers.com
> Don't Panic!
>
 
Back
Top