Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Sslx32.dll Removal?


  • Please log in to reply
5 replies to this topic

#1 bob121

bob121

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:32 PM

Posted 08 January 2006 - 09:41 PM

Hello,

Recently done a HijackThis clean, but one file still remains as a problem on my PC.

'sslx32.dll' is picked up by Norton AntiVirus almost immediately after starting the computer.

It says its located in the Windows System32 directory, but I cannot find this file via a search or viewing the folder. Have tried safe mode to no avail. Scans in safe mode do not pick this file up.


It identifies the file with the PWSteal.Trojan (password steal?? :thumbsup:)


Please help.


Bob

BC AdBot (Login to Remove)

 


#2 bob121

bob121
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:32 PM

Posted 08 January 2006 - 11:34 PM

Update on this - run Ewido and its removed something else similar - not this file though...

Can now see the file in the System32 directory!

Can't remove it though, even from safe mode :thumbsup: :flowers:

Edited by bob121, 08 January 2006 - 11:53 PM.


#3 Jubo

Jubo

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:32 PM

Posted 09 January 2006 - 02:44 AM

Is there a virus discovered by any other antivirus program? You could run a full scan at: Windows Live Safety Center and/or at TrendMicro: HouseCall. Disable the Norton when running any other scans.

What version of Windows are you running? Include any Service packs.

When you Google for the file name there are not really that many hits.

Also run an antispyware scan: Spyware Removal and Remove CoolWebSearch.

#4 stidyup

stidyup

  • Members
  • 641 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:32 PM

Posted 09 January 2006 - 03:25 AM

If you think you are infected submit a hijackthis log to the HJT Forum.

How to submit a hijackthis log

Download Hijackthis

Try running the following from safe mode (Getting to safe-mode) Sysclean you'll also need the virus template file from here lpt***.zip remember to extract the contents of the zip file into the same folder as Sysclean.com

or

DrWeb CureIT

or

KASFX which is powered by the Kaspersky AV engine, you will need internet access to update it. If you haven't got net access in safe mode, update it before you use it.

If your good with the command line also try Sophos Command Line scanner this command will scan all of your hdd's SAV32CLI.EXE -F -di -remove -dn -mbr -all -zip -p=avscanlog.txt and give you a log file to review afterwards.

Also try installing and running A2 Free and Ewido again run from safe mode.

I'd also run Spybot(Spybot Tutorial) and Adaware

If your using Win2K/XP run adaware/spybot from "safe mode with command prompt" If your using Win9x just run it from safe mode the command line options aren't needed..

At the C:\ prompt type the following:-

cd\
C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofix
cd\
C:\progra~1\lavasoft\ad-awa~1\ad-aware.exe

#5 bob121

bob121
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:32 PM

Posted 09 January 2006 - 08:33 PM

Thankyou for the replies.

Have run Adaware, Spybot and Sysclean from safe mode. Tried running Sysclean again, just specifying to search the System32 directory.

All pick up nothing.

Boot back into Windows normally, and up pops the virus warning from Nortons for 'sslx32.dll (Trojan.PWSteal)' :thumbsup:

Even from Safe Mode, WindowsXP says the file is currently being used by another process. Cannot move or delete it. I have another computer here which doesn't have this file on it anywhere.

:flowers: :trumpet:


Ewido didn't pick it up.

Will try A2 Free now I guess.

Edited by bob121, 09 January 2006 - 08:35 PM.


#6 stidyup

stidyup

  • Members
  • 641 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:32 PM

Posted 10 January 2006 - 03:02 AM

Scan suspect files at jotti and Virus Total which use multiple AV scan engines.

See what these scanners say about the file.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users