
Virus issue, High risk



Guest Illusion
Posted

Need any help I can get to remove ddcDwwwW.dll, which in turn contacts some web server and downloads several other virus files..

Tried to remove it before internet was turned on but no luck.

Got some files which it downloads as soon as internet is there, but simply can't remove that host file..

It slows down internet speed by 98% so online scanners can't reach it in time before it activated another entry for it..

And same with the virus program, since it is in the temp dir I tried to only scan that dir but same result..

When the scan was done after 5 sec for temp dir the file had made 112 new entries linked to the file so it could not be removed..

Every time you try to simply delete it, it makes some other crappy entry and resets..

Virus program ref to utlrexue.dll and lvlpdtev.dll

 

 

 

Mail: Illusion_man79@hotmail.com


Guest Carey Frisch  [MVP]
Posted

Cleaning a Compromised System

http://www.microsoft.com/technet/community...gmt/sm0504.mspx

 

After reformatting your hard drive and reinstalling your operating system,

consider installing a good antivirus program, such as Windows OneCare.

You can try it absolutely FREE for 90 days.

http://onecare.live.com/standard/en-us/default.htm

 

 

--

Carey Frisch

Microsoft MVP

Windows Desktop Experience -

Windows System & Performance

 


Guest Malke
Posted


 

Googling for those names brings up nothing, but this is not surprising since

it is common for viruses/malware to name their files randomly. It does make

it difficult to give you pinpointed removal steps, however. You should go

through these general malware removal steps systematically -

http://www.elephantboycomputers.com/page2....emoving_Malware

 

Include scanning with David Lipman's Multi_AV and follow instructions to do

all scans in Safe Mode. Please see the special Notes regarding using

Multi_AV in Vista.

 

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions

http://tinyurl.com/yoeru3 - download link and more instructions

 

You can also check to see if there are targeted removal steps for your

malware here:

Bleeping Computer removal how-to's -

http://www.bleepingcomputer.com/forums/forum55.html

 

When all else fails, get guided help. Choose one of the specialty forums

listed at the first link. Register and read its posting FAQ. You will

generally be asked to:

 

1. Download and execute HiJack This! (HJT) -

http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

 

2. Disable Notepad's word wrap - In Notepad.exe; Format --> uncheck; "Word

wrap"

 

3. Download/run Deckard's System Scanner -

http://www.techsupportforum.com/sectools/Deckard/dss.exe

 

4. Save the scan results (Main.txt and Extra.txt)

 

5. And then post the contents of Main.txt and Extra.txt in your post at the

forum you chose. DO NOT POST LOGS IN THE MS NEWSGROUPS.

 

Standard disclaimer: I can't see and test your computer myself, so these are

just suggestions based on many years of being a professional computer tech;

suggestions based on what you've written. You should not take my

suggestions as a definitive diagnosis. If you can't do the work yourself

(and there is no shame in admitting this isn't your cup of tea), take the

machine to a professional computer repair shop (not your local equivalent

of BigComputerStore/GeekSquad). Please be aware that not all local shops

are skilled at removing malware and even if they are, your computer may be

so infested that Windows will need to be clean-installed. If possible, have

all your data backed up before you take the machine into a shop.

 

Malke

--

MS-MVP

Elephant Boy Computers

www.elephantboycomputers.com

Don't Panic!

Guest Illusion
Posted

Got a license for a good AV already but it got right through anyhow.. (!?)

Standard Vista tools such as Defender didn't even see it coming either..

Defender doesn't even see it now when it's infected lol after a full scan.

It comes up to last 2 files in my first post but misses the main, which is the issue here.

Formatting the drive is an option sure but not something I'm considering since my thread is about removing this file..

Reason: so you could keep your current data which is not all in backup tape, and can't really tell if last tape is infected too.

Formatting will only save you some painkillers but in the end you have 1 work day in data gone..

Got some ideas from another forum which I'm gonna try out before I jump in and format, so let's see where it goes..

Guest Mick Murphy
Posted

You could try this way.

Go into Safe Mode with Networking, or just plain Safe Mode by tapping F8 at

Startup, and selecting it from the list.

 

Run your virus scan from in there.

 

If that fails, go back to your Dynamic desktop, and uninstall your

anti-virus, and install what I have listed below, Avast.

 

Also, install anti-spyware programs below. You can also run Spybot S&D in

Safe mode.

 

http://service1.symantec.com/SUPPORT/tsgen...005033108162039

 

Above is the link for Norton Removal Tool; if using Norton.

 

Vista’s Firewall is very good!

 

http://www.avast.com/eng/download-avast-home.html

 

Above is a link to Avast Free 4 Home Anti-Virus

It is low resource using, free and Vista 32bit and 64bit compatible.

Only have one (1) anti-virus installed; more than 1 can cause conflicts.

 

http://www.safer-networking.org/en/index.html

 

For Spyware removal, use the above link to “Spybot Search & Destroy 1.5.2”

Download it, install it, update it, immunize your system and scan your

System with it.

 

http://www.javacoolsoftware.com/

 

For a non-scanning, but running in the background, Program to STOP Spyware

being downloaded to your Computer, use SpywareBlaster 4, available at the

above link.

 

IMPORTANT ADVICE: After scanning with the above Programs, problems still

remain.

 

Reboot computer, and tap F8 at power on/ startup. From the list of options

that appears, select Safe mode by using the UP and DOWN Arrows, then hit

ENTER.

 

Rescan the computer in Safe mode.

 

--

Mick Murphy - Qld - Australia

Guest Illusion
Posted

Thanks a lot.

Took me less than 60 min to get a hold of a fix, with some help of "your" post, so thanks a lot =)

Got the day's data saved and formatting in progress.. (just in case)

Was a little worried there for some time since I've been trying to figure this out for the last 7h.

Finally time to get some Zzz..
