Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Cannot Delete Bthc.dll

  • This topic is locked This topic is locked
2 replies to this topic

#1 chooky


  • Members
  • 2 posts
  • Local time:01:44 PM

Posted 20 May 2008 - 12:08 AM

This is a network computer at work.
I have tried several means of deleting this file such as:
File Assassin in normal & safe mode
AVG Antivirus 7.5 can put it in the vault but it keeps coming back. AVG calls it "Trojan horse Downloader.Delf.12.AN"
AVG Antispyware
Also have a combofix log.

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:19, on 20/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {459709DC-D190-4D67-8C18-4640657DA03B} - C:\WINDOWS\system32\bthc.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.6.0_04) -
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

End of file - 1702 bytes

Also did online Kaspersky scan (I have a report) it picked up

C:\Documents and Settings\tracey\Desktop\Unused Desktop Shortcuts\one_ring.exe/WISE0016.BIN Infected: Backdoor.Win32.Ruledor.c skipped
C:\Documents and Settings\tracey\Desktop\Unused Desktop Shortcuts\one_ring.exe WiseSFX: infected - 1 skipped
C:\Documents and Settings\tracey\My Documents\miscelanious\one_ring.exe/WISE0016.BIN Infected: Backdoor.Win32.Ruledor.c skipped
C:\Documents and Settings\tracey\My Documents\miscelanious\one_ring.exe WiseSFX: infected - 1 skipped

Don't know if these infections above are connected with bthc.dll or not.

"C:\WINDOWS\SYSTEM32\bthc.1 Infected: Trojan.Win32.Pakes.cdw" I managed to delete this file,

but it didn't pick up

C:\WINDOWS\SYSTEM32\bthc.dll Object is locked skipped

Only thing that is happening on this computer avg keeps popping up & I just click ignore because I know avg can't fix it.

Thanks in advance


BC AdBot (Login to Remove)


#2 chooky

  • Topic Starter

  • Members
  • 2 posts
  • Local time:01:44 PM

Posted 21 May 2008 - 09:10 PM

Resolved: I fixed it by using sdfix.
I read another post & someone suggested to use it for another problem.

Thanks anyway


#3 teacup61


    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:44 PM

Posted 15 June 2008 - 03:08 PM

Thanks for letting us know. :thumbsup:

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image

Error reading poptart in Drive A: Delete kids y/n?

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users