
A .dll that will not die, suspected virus


  • This topic is locked
2 replies to this topic

#1 Wobberjockey


Posted 26 October 2009 - 12:08 AM

hello.

recently i became infected with some adware/spyware/malware that somehow managed to slip by TeaTimer.

having dealt with a few virii on my own with some success i fired up Spybot, Malwarebytes, and HijackThis in an attempt to remove the problem
the files involved were dolusero.dll and sibikere.dll
a google search came up with one hit for dolusero.dll and that was megavega.dll

the problem proved resistant to removal, however i was able to killbox dolusero.dll at which point the HJT was able to remove infections featuring said file at several points. this has apparently inactivated whatever was running on my system as the tell tale IE windows stopped popping up (i use chrome, so it was fairly obvious that there was something going wrong)

unfortunately sibikere.dll has proved highly resistant to removal.
killbox can't remove it. all attempts to do a restart & remove end with "PendingFileRenameOperations Registry Data has been Removed by External Process!"
HJT can't touch it
i tried The Avenger and wrote a script to remove it. the log said it worked, but i fired up HJT to check and lo and behold it was back

i'm missing something here, and while i'm not exactly wet behind the ears when it comes to computers, i think this one is out of my depth here
did i kill whatever it was and is this merely a dead piece of code? or is this going to come back and bite me?

thanks in advance

i am running Win XP SP3, on an iMac of all things, with a Logitech G15 Keyboard

the dll in question occurs down at O20 - AppInit_DLLs

AVG finally found this on its nightly scan (i swear i don't know why i keep the thing around, but apparently it's finally good for something)
looks like it is the Sheur2 BOGA trojan
will see if i can find a removal method now. will keep you posted

Attached File  hijackthis.log   9.28KB   1 downloads

Edited by Wobberjockey, 26 October 2009 - 12:18 PM.




#2 Wobberjockey


Posted 27 October 2009 - 02:13 AM

just an update.

after going to work and returning, my system was full of malware
at least 3 separate root kits, several infected drivers, and no less than 7 different Vundo infections

most security software i install is immediately removed by these programs

i have decided that it will be far simpler to reinstall the os, removing all the infections in one fell swoop (XP has been acquiring some bugs, it's about due for a reinstall anyway)

thank you anyway for providing a wonderful tech resource

-Wobberjockey

Edited by Wobberjockey, 27 October 2009 - 02:14 AM.


#3 Orange Blossom

  • Moderator

Posted 27 October 2009 - 08:12 PM

Thank you for letting us know. Sometimes a reformat and reinstall is the quickest and best solution.

Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom :(
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



