Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AdantiHS.dll returns in Roaming with never end!


  • This topic is locked This topic is locked
3 replies to this topic

#1 guitarbruno

guitarbruno

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:55 PM

Posted 04 February 2017 - 04:55 AM

https://www.bleepingcomputer.com/forums/t/638138/adantihs/

 

http://www.forum-entraide-informatique.com/support/eliminer-tencent-demarrage-t21355.html (in french)

 

Here's the thread about trying to eradicate this dll (AdAntiHS.dll) inside the Roaming directory, which is being be in place for few months!

 

I'm led to you to maybe find a solution.

 

To resume it, AdAnti seems to be kind of chinese Skype, and I wonder if it can develop some future jam in my system... the very first threat was Tencent , and it seems to be eradicated, but AdAnti took place immediatly. So that is the question: no way to eradicate it with various antimalware softs.

 

With your help, could I reset something in system to delete it?

 

Thanks a lot for replies.

 

Bruno

 

 



BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,895 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:55 PM

Posted 04 February 2017 - 09:12 AM

Good morning :).

 

The Windows 7 forum is not appropriate for malware removal and your issues seem to be a recurring file associated with malware.

 

That said...there are several webpages that purport to provide guidance for removal of files associated with the PUP/malware which you may want to look at strictly as reference material for efforts at manual removal..  I am NOT suggesting the use of any tools which may be suggested by these webpages...merely providing material on what seems to be your problem.

 

http://www.exterminate-it.com/malpedia/remove-adanti

 

http://www.booturpc.com/malicious-files/adantihs-exe-virus-manual-uninstall/

 

Moving topic to Am I Infected forum.

 

Louis


Edited by hamluis, 04 February 2017 - 09:13 AM.


#3 guitarbruno

guitarbruno
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:55 PM

Posted 04 February 2017 - 12:09 PM

Ok it seems that I'd better copy-paste this post , from previous antimalware forum:

 

"You didn't do as I suggested.

I suggested that you start a topic asking how to "re-build your Roaming profile and server-side profile".

The fact that you headed the topic with a malware issue meant that it would not be dealt with in that forum.

I will contact a moderator explaining what has happened and give further advice later.

Satchfan"


Edited by guitarbruno, 04 February 2017 - 12:14 PM.


#4 hamluis

hamluis

    Moderator


  • Moderator
  • 55,895 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:55 PM

Posted 04 February 2017 - 02:40 PM

FWIW:  I suspect that questions about roaming profiles, domains, and such...should be posted in the Win Server forum, rather than any of the Windows O/S forums.  Unless I'm misunderstanding, roaming profiles and such would originate with the domain, not with users of the domain/network.

 

Per Wiki: " If the domain login is successful, the roaming profile is copied from the central file server to the desktop computer, and a local account is created for the user."

 

I could be wrong :).

 

Louis

 

I will close this topic, since it seems to me that the issues have not been posted in the correct forum.  A corrupt/damaged roaming profile seems likely to need address at the server level, IMO.


Edited by hamluis, 04 February 2017 - 02:42 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users