It's not unusual to receive .dll error(s) when "booting up" after using anti-virus and other security scanning tools to remove a malware infection.
A "Cannot find...
", "Could not run..."
, "Error loading...
or "specific module could not be found
" message is usually related to a malware file that was set to run at startup in the registry but has been deleted. Windows is trying to load this file but cannot locate it since the file was mostly likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry
still remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message
. You need to remove this registry entry so Windows stops searching for the file when it loads.
To resolve this, download Autoruns
, search for the related entry and then delete it.
- Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this. Vista users refer to these instructions.)
- Open the folder and double-click on autoruns.exe to launch it.
- Please be patient as it scans and populates the entries.
- When done scanning, it will say Ready at the bottom.
- Scroll through the list and look for an entry related to the file(s) in the error message.
- If found, right-click on the entry and choose delete.
- Reboot your computer and see if the startup error returns.
If you're going to keep and use Autoruns, be sure to read:
Below I have provided some generic instructiions
for network cleaning.
If this is a client machine, to prevent the malware from spreading to other clients on the network keep this system separated (isolated) from all others and disable network file and printer sharing
until fully cleaned. Vista users can refer to these instructions
If you're not sure about the source of infection, start by disconnecting (isolating) all client machines from the network. Check and disinfect each client individually by performing a full system scan with your anti-virus in safe mode
to ensure it is clean before reconnecting.
Start with the server, then one at a time, do the same for each client machine until you ensure it is clean and can be reconnected. That is a tedious task, but it ensures each machine gets individual attention and a full system scan of all files and folders. Trying to do things remotely can result in missed detections. If scanning of a mapped drives only scans the mapped folders, it may not include all the folders on the remote computer. Further, if a malware file is detected on the mapped drive, the removal may fail if a program on the remote computer uses that file.How to scan your network with Sophos Anti-Rootkit <- this link has instructions for use on large networks
On a network where the domain controller has been infected with a rootkit, you should clean the domain controller before cleaning the remaining computers on the network. See rootkit removal on a network with an infected domain controller
If you were infected by malware that spreads to network shares or by a password stealing trojan, change the passwords for all important applications and set strong passwords for shared network resources.