recently i became infected with some adware/spyware/malware that somehow managed to slip by TeaTimer.
having dealt with a few viruses on my own with some success, i fired up Spybot, Malwarebytes, and HijackThis in an attempt to remove the problem
the files involved were dolusero.dll and sibikere.dll
a google search came up with one hit for dolusero.dll and that was megavega.dll
the problem proved resistant to removal, however i was able to killbox dolusero.dll, at which point HJT was able to remove infections featuring said file at several points. this has apparently inactivated whatever was running on my system, as the telltale IE windows stopped popping up (i use chrome, so it was fairly obvious that there was something going wrong)
unfortunately sibikere.dll has proved highly resistant to removal.
killbox can't remove it. all attempts to do a restart & remove end with "PendingFileRenameOperations Registry Data has been Removed by External Process!"
HJT can't touch it
i tried The Avenger and wrote a script to remove it. the log said it worked, but i fired up HJT to check and lo and behold it was back
i'm missing something here, and while i'm not exactly wet behind the ears when it comes to computers, i think this one is out of my depth here
did i kill whatever it was, and is this merely a dead piece of code? or is this going to come back and bite me?
thanks in advance
i am running Win XP SP3, on an iMac of all things, with a Logitech G15 Keyboard
the dll in question occurs down at O20 - AppInit_DLLs
AVG finally found this on its nightly scan (i swear i don't know why i keep the thing around, but apparently it's finally good for something)
looks like it is the Sheur2 BOGA trojan
will see if i can find a removal method now. will keep you posted
Edited by Wobberjockey, 26 October 2009 - 12:18 PM.