Removing DLL's at Startup

July 31, 2008 at 08:27:39
Specs: Vista Ult., AMD Athlon 64. 3800+
Hi
I have removed Torjan.Vundo but on start up there are two DLL's that attempt to load (ofcourse have been deleted) so I get an error message.
I think it is the only thing left of the virus/trojan so would love to have them removed.
Can anyone tell me how to remove DLL's from start up.

Many Thanks,
Joseph Middleton


See More: Removing DLLs at Startup

Report •


#1
July 31, 2008 at 11:15:48
It should be listed in Windows Defender or failing that the msconfig utility and the registry.

1. Click the Windows Orb (Start) > All Programs > Windows Defender. Click the Tools Tab > Software Explorer and make sure Start up Programs is showing in the drop down menu. Click the Trojan name and at the bottom click Remove.

2. If 1 above doesn’t find it, go to the Windows Orb (Start) type msconfig and press Enter. Go to the StartUp Tab and untick the Trojans. When you’ve finished ‘unticking’, close msconfig and let the computer reboot. You will get a reminder that you’re running Selective Startup, just tick ’Don’t show this again’ or similar wording.

3. If you still haven’t removed them, create a system restore point then click the Windows Orb (Start), type regedit, press Enter and navigate to registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run, then right-click and delete the Trojans.

Now navigate to HKEY_LOCAL_MACHINE\Microsoft\Windows\Current Version\Run, then right-click and delete the Trojans.


Report •

#2
August 1, 2008 at 01:25:11
Hi
I have unticked them from startup in msconfig but thats only unticking not removing...
Any ideas?

Many Thanks,
Joseph Middleton


Report •

#3
August 1, 2008 at 01:50:32
They have been removed (by you), it's the pointers that are still there.

Report •

Related Solutions

#4
August 1, 2008 at 02:00:08
Is there anyway of removing those (if i need to)

Many Thanks,
Joseph Middleton


Report •

#5
August 1, 2008 at 06:23:42
Didn't one of my three methods remove the entry pointers?

Perhaps I'm barking up the wrong tree, what is the exact error message you are getting?


Report •

#6
August 1, 2008 at 06:44:56
I dont get any errors on start up but in msconfig, the two DLL's that I have unticked are still there... just unticked.
Instead of just unticking them can I actually take them off the MSCONFIG start up screen?

Many Thanks,
Joseph Middleton


Report •

#7
August 1, 2008 at 07:15:44
I thought Windows Defender would remove them, Ccleaner certainly would.

Anyway.

I’m not on a Vista machine at the moment but I’m sure the registry keys are the same as XP.

These two XP keys store the items removed from startup via the msconfig program:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

In both you'll find a subkey in the left pane for each disabled item. To remove it/them from the msconfig list, right-click the name and delete it.

I’m sure you’ll recognise the entries but perhaps you should make a system restore point in case they are not the correct keys.


Report •

#8
August 1, 2008 at 07:26:12
Ok great.
Problem solved!

Many Thanks,
Joseph Middleton


Report •

#9
August 1, 2008 at 07:27:51
Great!

Please confirm that those two keys exist in Vista?


Report •

#10
August 1, 2008 at 07:40:53
Hi
When I looked in:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder"
It was there but had nothing in it except Default of course.
However,
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg"
had two folders containg the DLL's and after deleting both folders, MSCONFIG no longer displayed them.
So long Trojan.Vundo with thanks from Symantec and BurrWalnut, your a credit to Computing.Net.

Many Thanks,
Joseph Middleton


Report •

#11
August 1, 2008 at 07:50:48
Thank you for the confirmation. I’ve just booted Vista and have looked at the two keys. I didn't expect your Trojans to be in startupfolder (your All Programs > StartUp folder) but this together with startupreg are the two keys that start entries are stored in.

Well done.


Report •

#12
August 1, 2008 at 07:53:25
Great, Thanks!

Many Thanks,
Joseph Middleton


Report •

#13
August 1, 2008 at 09:57:37
A program like Msconfig Cleanup should come in handy for that type of left over mess in the future.

http://www.get-in-control.com/mscon...

Jabbering Idiots: Everywhere You Look!


Report •

#14
August 1, 2008 at 10:02:15
Great, will have that on my system for future use...
Hopefully I dont have to use it!

Many Thanks,
Joseph Middleton


Report •

#15
August 1, 2008 at 16:36:21
Why not boot to the Vista dvd and either repair it automatically or manually by command prompt?

The Vista dvd is a Windows PE 2.0 live dvd. It can be used to fix unbootable systems.

"Best Practices", Event viewer, host file, perfmon, are in my top 10


Report •

#16
August 2, 2008 at 00:36:49
Hi
Sorry that was not my problem and it is sorted now anyway!
Thanks anyhow!

Many Thanks,
Joseph Middleton


Report •


Ask Question