Self recreating .dll file virus. Please help.

May 28, 2010 at 21:53:32
Specs: Windows XP
Hey everybody.
I have a problem with some viruses that have appeared on my system.
Any help would be appreciated!
:-)

I noticed today while having a look through "Startup Control Panel" that I have two programs booting on startup both which I do not recognise and that are .dll files.
They are:
-rundll32.exe ''ljihee.dll'',s
-rundll32.exe ''geebaw.dll'',DllRegisterServer

I first searched both of these on Google but get absolutely no results which seemed very unusual to me...

Then I tried to untick them in Startup Control Panel.
They untick, but then immediately recreate themselves with a different nonsense file name (although the .dll name remains steady the whole time.)

I also checked the startup things on Spybot S&D.
They appear there too, and if I untick them they reappear once I change page in Spybot and then go back.

I also did the same thing in CCleaner startup tool.
And they reappear immediately upon changing the page.

Spybot, Ad-Aware and AVG do not pick up any errors in my system.

I have CCleaned my system and done a Disk and Registry Defrag with Auslogics programs too.

Revo Uninstaller isnt picking up anything unusal that has been installed.
Nor is the Windows Add/Remove.

I can't delete the files through Windows\System32 because they are .dll files.

I tried renaming them and while that works, they just recreate themselves upon restart.


The only thing they seem to be doing is causing some links in Google to divert to obviously fake pages and occasioanlly making Firefox crash.
But that's enough for me not to want them there.

Any ideas?
Cheers.
-B


See More: Self recreating .dll file virus. Please help.

Report •


#1
May 28, 2010 at 23:03:14
It looks like there has been some Malware within your PC, which is recreating itself.

Perform a Malware Check:
MalwareBytes Anti-Malware

Steps
1. Install MalwareByes Anti-Malware
2. Update Malware Definitions
3. Run a Scan on your PC
4. Check out the Results


Report •

#2
May 28, 2010 at 23:06:27
Ok.
I ran MalwareBytes Anti-Malware.

It immediately found the geebaw.dll and was able to remove it. I think that that problem has been fixed.

The ljihee.dll on the other hand is still causing grief.
Everytime I run Anti Malware it finds 3 or 4 Trojan.agent and Trojan.vundo whose names match the nonsense names that the ljihee uses.

I tell it to fix them and it says it has removed them, but the .dll is still there (Anti Malware is not actually finding the .dll as an issue).

Cheers
-B


Report •

#3
May 28, 2010 at 23:17:24
Actually.
The .dll is not still there.

It is nowhere that I can find it on my system.
However, it still says it will run on startup and replicates if I untick it...

:-/

-B


Report •

Related Solutions

#4
May 28, 2010 at 23:18:11
Since one of your problems have been removed. I recommend you to perform the necessary steps for further removal as:

1. Download VundoFix
2. Perform a Full System Scan using Anti-Malware
3. Manually check entries in System Startup
4. Restart the System


Report •

#5
May 28, 2010 at 23:54:14
Ok.

I downloaded and ran VundoFix.
It found no infected files.

AntiMalware just finds the same thing over and over.
Everytime I run Anti Malware it finds 3 or 4 Trojan.agent and Trojan.vundo whose names match the nonsense names that the ljihee uses.
I tell it to fix them and it says it has removed them, but the .dll still says it's starting on startup and still replicates if I try to unselect it.

I didn't understand Step 3.

Will restart now and let you know.

-B


Report •

#6
May 28, 2010 at 23:58:59
After restarting the .dll is still there under Startup Control Panel and still replicates if I try to delete or unselect it.

Interestingly, the crashes that it was causing before seem to have stopped.
But I still want to get rid of thing thing because it's obviously quite malicios.

Cheers.
-B


Report •

#7
May 29, 2010 at 00:15:44
Here are some websites that provide information on Removal of Vundo Trojan:

Vundo Removal - 2Spyware
Vundo Removal - Bleeping Computer

Also, if that doesn't helps you, may be you should have a look at the usage of Spyware Doctor for removal:

Spyware Doctor Guide


Report •

#8
May 29, 2010 at 01:46:16
Ok.

So... I download Spyware Doctor.
It found the .dll.
But it won't remove it without paying...

Surely there is another program that is free which can remove this?
(Especially since it might not work anyway if previous experience is worth anything).

-B


Report •

#9
May 29, 2010 at 02:06:21
You can try out SpyHunter to remove the .dll files that are infected:

SpyHunter

Please follow up on this post for your problems!


Report •

#10
May 29, 2010 at 02:52:31
I downloaded and installed SpyHunter.
It too found the .dll's.
But it too is not free.
You have to pay to remove them just like Spyware Doctor.
??????


Surely there is another program that is free which can remove this?
(Especially since it might not work anyway if previous experience is worth anything).

-B


Report •

#11
May 29, 2010 at 07:49:24
Have you tried Hitman Pro 3.5. or ComboFix?..

http://www.surfright.nl/en/hitmanpro

http://www.bleepingcomputer.com/com...


Report •

#12
May 29, 2010 at 09:10:27
If you said spyware doctor found it and it is NOT a false positive, you can get a free working version in google packs:
http://pack.google.com/intl/en/pack...

Just uncheck everything except spyware doctor. Then run it and remove the problem.

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •


Ask Question