Posted 10 August 2005 - 12:16 PM
I have been trying for 4 days to get rid of malware on a computer running XP Home. The computer had over 2000 entries for malware. It also had 5 viruses (viri). The computer isn't mine but a client's, so I don't know where she picked up all of the malware/viruses. She did have Zone Alarm on her system, but the main exe had a virus so I had to uninstall it. She also had BearShare on her system. I found a file called QLVD.DLL. Because I didn't recognize the file, I Googled it but turned up nothing. I tried to delete it and got an error that the file was in use. So I launched MSCONFIG, disabled all of the startup items and the non-Microsoft services, and rebooted. I still could not delete the file as it was still in use. I found out where it was being loaded. The location that it was being loaded was:
The key was DllName.
So I tried to delete the contents of the key and it kept coming back. Even deleting the whole key didn't work.
I found KillBox on this site and used it. The program was so smart that it would delete the key contents that KillBox created. I even tried to create a dummy file that I could point to, then manually edit the key to change it to the QLVD.DLL, but after I changed it the contents of the key were gone.
I finally came up with the idea to set the NTFS permission on the file to deny access to everyone, including the system, and reboot. Once rebooted and logged back in, I took ownership of the file and was able to delete it. (I wish I had saved it, but I wanted it gone and wasn't thinking clearly.)
None of the anti-spyware/malware scanners I tried found it. They include Microsoft Anti-Spyware Beta, a-squared, CounterSpy, Ad-Aware, Spybot - Search and Destroy, and Security Task Manager. This infestation was new. The woman that used the computer hadn't had Internet access in about 6 months. She decided to get it back, and the computer wasn't allowing her to go anywhere. So that is where I stepped in.