Spyware removal: Halp?
rufio:
Yes, I figured out what you meant. I did search for some of the .exes and .dlls that were modified since the 22nd, and some of them are listed as malware on various sites, so I deleted them. There are a bunch that seem to start with names that are identified as malware, but aren't exact matches, specifically:
gxvxcxbxmcpsasfrndpmulccdcrmbwienduef.dll and gxvxcboygubitlrsnkgnldgyybeudklkmqipt.dll - I guess apparently there are some dlls starting with gxvxc* that cause browser redirections, or something, but I have not had such problems in the past few days and I'm not 100% convinced from googling that everything with gxvxc* is a virus.
Similarly, there is a gxvxccounter which seems to be associated with viruses and browser hijacks, but the file itself is not listed anywhere as definitely being a virus. As I said, I have had no problems whatsoever with my browser when I used it from Windows.
ssqpqrQk.dll - ssqpq.dll appears to be malware, but I can find no mention of ssqpqrQk.dll anywhere.
opnonMeD.dll - same deal, with opnon.dll.
The ones I deleted were
kdfapi.dll
kdfhok.dll
kdfinj.dll
kdfmgr.exe
kdfvmgr.exe
There seems to be some controversy over whether theses are trojans or some part of Trend Micro's keystroke encryption. I do use Trend Micro, but I don't use the keystroke encryption, so I won't be sad if I accidentally nuke it.
Also
khfGxYOE.dll
and maybe one or two others that I can't remember but were listed as being trojans in various places.
There is also
nvModes.dat
nvModes.001
but googling reveals that these may be nvidia related? The pages I found seem to talk about also removing a lot of other dlls that I do not have.
Everything else that was modified since the 22nd turns up no google results, or at least nothing terribly useful. Just in case it means something to anyone, though:
kungsftyyxlnia.dll
kungsfmaedklfo.dat
ddcywTJD.dll
urqNFuvs.dll
urqrRICU.dll
xxyWpnKD.dll
phyllis_p:
My best friend for spyware removal of late has been malwarebytes.
Zazazu:
I just used McAfee for my infection. It labelled the three problem files, but could only quarantine. I then used DelInvFile to delete them on restart. Another scan by McAfee as well as Panda came up clean.
Scratch that. Tried MalwareBytes. 1000% times better, and caught 18 other problem files (from the same trojan, by the looks of it). Get ye some.
morriganrant:
I love malwarebytes. It is king. At least a couple of those .dlls and .exe will probably be infections. I can't say for sure because I don't know what all is on your machine, and what all they may have to do with, but many trojans and the like will generate .exes with odd, seemingly random, named files. Sometimes, once you remove the offending file, it will create a new one with the same name or similar, sometimes it will be another number or letter jumble. The browser redirect files will often keep you from going to sites that can help you remove such things, like bleepingcomputers forums or majorgeeks, sometimes keeping your browser from returning anything negative about the file you are looking up, thus why it's sometimes better to use a second computer for the net during removal. Use Malwarebytes to get anything else. If it leaves anything behind you can be sure that it's more then likly benign and non-functional since you've removed all of it's other files. If your Anti-virus has a scan on boot then use that, if not run your spyware and anti-virus after malwarebytes is done just to make sure.
If you want to be positive that you've gotten everything, visit the bleepingcomputers forum or Majorgeeks, they will walk you through every step of removal if you need it.
maxon:
I can recommend Malwarebytes too - I got it about a year ago and it removed a really naasty trojan for me that nothing else would touch.
Navigation
[0] Message Index
[#] Next page
[*] Previous page