
How To Kill Browsela.dll And Other Memory Resident Dlls



#1 ElanEdTheSailor


Posted 02 January 2006 - 04:18 PM

I caught the SpySheriff trojan on a Windows 2000 machine. None of the published methods would get rid of the thing completely. browsela.dll, loaded by a registry entry at close to boot time, could not be removed. It seems to have the capability to detect registry entries designed to delete files on the next boot and destroy these. Accordingly, nothing I tried using HT or killBox or other such tools could get rid of it.

Finally, using all available information from HT and from information on the web relative to trojans on XP, I killed the beast as follows:

1. Remove the following files and all the registry entries referencing these:

WINNT\system32\: cmd32.exe, z11.exe, z12.exe, z13.exe, z14.exe, dial32.exe

2. Shut down the computer.

3. Remove the hard drive.

4. Set the hard drive up as a slave drive.

5. Install the hard drive in A DIFFERENT WINDOWS COMPUTER as a SLAVE.

6. Start Windows on the second computer.

7. Open a command window.

8. Switch to the original drive (containing the trojan), e.g. "I:"

9. cd to the directory containing the trojan: cd WINNT\system32

10. Delete the trojan dll: "del browsela.dll"

11. Shut down the second computer. Remove your original hard drive.

12. Set the hard drive up as MASTER (do not forget this).

13. Re-install the hard drive in your computer.

14. The computer should boot now without running browsela.dll (it is no longer there).

15. Run HiJackThis and remove/fix any residual registry issues.

16. Restart the machine.

17. Repeat 15. This time you should have a clean machine.

Good Luck!

Edited by ElanEdTheSailor, 02 January 2006 - 04:20 PM.
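
Steps 8 to 10 with a record kept, as an added example that is not part of the original post: run on the second computer, it hashes the files named in the post on the attached drive and moves them to a quarantine folder instead of deleting them. The function names, the `.quarantined` suffix and `manifest.json` are assumptions of this example, and the sample files in `demo()` are constructed.

```python
import hashlib, json, shutil, tempfile
from pathlib import Path

# Names and directory come from the post; paths are relative to the offline drive's root.
SUSPECT_DIR = ("WINNT", "system32")
SUSPECT_NAMES = {"browsela.dll", "cmd32.exe", "z11.exe", "z12.exe",
                 "z13.exe", "z14.exe", "dial32.exe"}

def find_dir(root, parts):
    """Resolve a directory case-insensitively: a Windows volume attached to
    another system may not match the letter case written in the post."""
    cur = Path(root)
    for part in parts:
        match = [p for p in cur.iterdir() if p.is_dir() and p.name.lower() == part.lower()]
        if not match:
            return None
        cur = match[0]
    return cur

def quarantine_offline(root, quarantine):
    """Hash each suspect file on the offline volume, move it into `quarantine`
    and write a manifest. Returns the manifest records (empty if nothing found)."""
    records = []
    target = find_dir(root, SUSPECT_DIR)
    if target is None:
        return records
    qdir = Path(quarantine)
    qdir.mkdir(parents=True, exist_ok=True)
    for f in sorted(target.iterdir()):
        if f.is_file() and f.name.lower() in SUSPECT_NAMES:
            digest = hashlib.sha256(f.read_bytes()).hexdigest()
            dest = qdir / (f.name + ".quarantined")  # renamed so it is not loadable by name
            shutil.move(str(f), str(dest))
            records.append({"name": f.name, "sha256": digest, "moved_to": str(dest)})
    (qdir / "manifest.json").write_text(json.dumps(records, indent=2))
    return records

def demo():
    """Constructed sample: a fake offline drive holding two of the named files."""
    with tempfile.TemporaryDirectory() as tmp:
        sys32 = Path(tmp, "drive", "WINNT", "System32")
        sys32.mkdir(parents=True)
        (sys32 / "BROWSELA.DLL").write_bytes(b"constructed sample bytes")
        (sys32 / "z11.exe").write_bytes(b"constructed")
        (sys32 / "kernel32.dll").write_bytes(b"legitimate, must stay")
        recs = quarantine_offline(Path(tmp, "drive"), Path(tmp, "q"))
        return [r["name"] for r in recs], sorted(p.name for p in sys32.iterdir())

if __name__ == "__main__":
    print(demo())
```

Keeping the hashes and the moved files lets you confirm later what was removed and put a file back if it turns out to have been legitimate.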

