Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

KillBox didn't kill a file.


  • Please log in to reply
1 reply to this topic

#1 gworley

gworley

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:27 AM

Posted 10 August 2005 - 12:16 PM

I have been trying for 4 days to get rid of Malware on the a computer running XP Home. The computer had over 2000 entries for for Malware. Also had 5 viruses (viri). The computer isn't mine but a client so I don't know where she picked up all of malware/viruses. She did have Zone Alarm on her system but the main exe had a virus so I had to uninstall it. She also had BearShare on her system. I find a file called QLVD.DLL because I didn't recognize the file, Googled it and but turned up nothing. I tried to delete and got an error that the file was in use. So I launched MSCONFIG and disabled all of the startup items and the none Microsoft services and rebooted. Still could not delete the file as it was still in use. I found out where it was beling loaded. The location that it was beling loaded was:

HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyExtensions

The key was DllName.

So I tried to delete the contents of the key and it kept coming back. Even deleting the whole key didn't work.

I found KillBox on this site and used it. The program was so smart that it would delete the key contents that KillBox created. I even tried to create a dummy file that I could point to then manually edit the key to change it to the QLVD.DLL but after I changed it the contents of the key was gone.

I finally came up with the idea to set the NTFS permission on the file to deny access to everyone including the system and reboot. Once rebooted and logged back in, I took ownership of the file and was able to deleted (I wish I saved it but I wanted it gone and wasn't thinking clearly.)

None of the Anti-Spy/Malware scanners I tried found it. They include Microsoft Anit-Spyware Beta, a-squared, CounterSpy, Ad-Aware, Spybot - Search and Destroy, and Security Task Manager. This infestation was new. The woman that used the computer hasn't had Internet access in about 6 months. She decided to get it back and the computer wasn't allowing her to go anywhere. So that is where I stepped in.

George

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,540 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:27 AM

Posted 10 August 2005 - 12:56 PM

Do you remember what the name was? Sounds like the new VX2/Look2ME which clears the PendingRename key that killbox relies on.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users