Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

What Do I Do With: __delete_on_reboot__d_e_s_k_b_a_r_._d_l_l_?


  • Please log in to reply
2 replies to this topic

#1 xelaw

xelaw

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 22 September 2006 - 04:12 AM

I'm using WinXP SP2. A few day ago I downloaded a file with a virus and/or other malware.

Now every time when I turn my PC on in the morning (but not if I do a reset during the day), a strange search bar appears in the taskbar (I can get rid of this for the day by right clicking on on the task bar>toolbars and unchecking a blank checked entry in the list that appears) and my homepage in IE is captured by an intruder.

I've scanned my PC with:
Norton AV (which removed some viruses) and since then says the PC is clean.
Windows Defender - didn't do much.
Adaware - found some tracking cookies,
Spybot - found some trojans and other spyware, but can't get rid of them unless I restart my computer, which I do, and it then has a popup war with NAV, and tells me again that it can't get rid of them unless I restart my computer again.
ewido antispyware - removes the trojans and spyware (which will return the next day when the PC is turned on) except for the file " __delete_on_reboot__d_e_s_k_b_a_r_._d_l_l_" which is in the Program Files/Deskbar folder, which it shows as an error during removal.
a-squared Security Center - Pretty much the same thing as ewido above, except that it says that it got rid of " __delete_on_reboot__d_e_s_k_b_a_r_._d_l_l_", but if I look in Windows Explorer, it says it is still there.

A lot of the spyware found by ewido and/or a-squared is in the folder Program Files>Deskbar, which was created when I first got the virus. If I try to delete it manually, Windows refuses, saying the file might be in use. I'm not sure whether this is my only problem, but it seems to be an important part of it.

So my question is - Who will rid me of this trublesome folder?

BC AdBot (Login to Remove)

 


#2 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:01:09 PM

Posted 22 September 2006 - 06:24 AM

Have you tried running your security applications in Safe Mode?
How to start Windows in Safe Mode
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#3 xelaw

xelaw
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 23 September 2006 - 12:47 AM

tg1911, thanks, but it didn't help. I ran a-squared in Windows safe mode, and it removed a number of items from the Program Files>Deskbar folder. and when I checked in Windows Explorer, the whole Deskbar folder had disappeared. I restarted the PC, and everything seemed OK.

However, this morning, when I turned on the PC (after it was off overnight) the mysterious search bar reappeared in the taskbar, the IE homepage was again captured (by a site called "findallthewebyouneed.com), and the Program Files>Deskbar folder had returned in all its horror!

I notice that my startup files have a suspicious file called "msxml3a.exe", also created at about the time I first got the virus. I had already unchecked it in the Starter Software list, and it doesn't appear in the Task Manager list of running processes. Does anyone know if I can delete it without causing other problems? According to the Software Tricks and Trips site, it's "the Trojan/Backdoor", but the site says to kill the process and remove it from startup. It doesn't say you can delete it.

Anyone have any ideas on how I can proceed with this spyware problem?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users