I need some help here, I have a .DLL file that refuses to be deleted.

Archae

(1000+ posts) Send PM | Profile | Ignore

Fri Sep-17-04 11:59 PM
Original message

I need some help here, I have a .DLL file that refuses to be deleted.

This is a .DLL file that hijacks my browser into porn sites, it's called "cool.dll" and nothing I do, can get rid of it.

Help!

Printer Friendly | Permalink | | Top

POed_Ex_Repub

(1000+ posts) Send PM | Profile | Ignore

Sat Sep-18-04 12:08 AM
Response to Original message

1. First thing I'd try...

Run Spybot/Adaware in "Safe Mode"

Printer Friendly | Permalink | | Top

Zero Division

(1000+ posts) Send PM | Profile | Ignore

Sat Sep-18-04 12:11 AM
Response to Original message

2. Could it be the "CoolWebSearch" virus?

Look into getting some freeware called CWShredder

Printer Friendly | Permalink | | Top

LisaLynne

(1000+ posts) Send PM | Profile | Ignore

Sat Sep-18-04 12:13 AM
Response to Original message

3. Are you running WinXP?

Are you logged in as an admin? I agree -- try Adaware or something similar.

Printer Friendly | Permalink | | Top

Syrinx

(1000+ posts) Send PM | Profile | Ignore

Sat Sep-18-04 12:19 AM
Response to Original message

4. I believe some versions of Windows...

Use a file called cool.dll to store system icons.

Printer Friendly | Permalink | | Top

Archae

(1000+ posts) Send PM | Profile | Ignore

Sat Sep-18-04 12:29 AM
Response to Original message

5. Whatever it is, is keeps switching my browser.

It keeps hijacking my browser to this site:

http://www.coolsearch.biz/

I've run Adaware and Spybot, it doesn't find anything.

Printer Friendly | Permalink | | Top

Syrinx

(1000+ posts) Send PM | Profile | Ignore

Sat Sep-18-04 12:32 AM
Response to Reply #5

6. have you tried checking to see if it is a read-only file?

Change that if it is. And then try deleting it. You might want to make a backup, just in case.

Printer Friendly | Permalink | | Top

LiberalFighter

(1000+ posts) Send PM | Profile | Ignore

Sat Sep-18-04 12:37 AM
Response to Reply #5

7. Check to see which directory it is located...

do control/alt/delete

click Processes tab to see if it is running
if it is and YOU KNOW that it doesn't belong there... end the process
once the process is ended you can delete the file via Windows Explorer

Printer Friendly | Permalink | | Top

POed_Ex_Repub

(1000+ posts) Send PM | Profile | Ignore

Sat Sep-18-04 12:40 AM
Response to Reply #5

8. A couple of things to try...

Start up in "safe mode" and then delete the .DLL

In Spybot there is a tool that shows the startup processes... (the programs that engage when windows first activates) disable the startup process and delete the DLL on your next startup.

Printer Friendly | Permalink | | Top

Seldona

(1000+ posts) Send PM | Profile | Ignore

Sat Sep-18-04 12:42 AM
Response to Original message

9. Okay, found this for a WINXP fix.

Edited on Sat Sep-18-04 12:44 AM by Seldona

On Edit, you will need Hijack This. http://www.hijack-this.net/

please copy the contents of the quote box to notepad:

Quote:

REGEDIT4

"System"=-
<-HKEY_CLASSES_ROOT\CLSID\{061646A1-DC57-487D-B023-A938198C174E}>
<-HKEY_CLASSES_ROOT\CLSID\{4E8A9E72-8942-40EF-88DF-A559152F6B41}>
<-HKEY_CLASSES_ROOT\CLSID\{6E94CEC3-0C84-4310-AE20-CD4090178388}>

hit save as
give it the name clear.reg
under the filename set file types to all files.
save it to the desktop.

After done double click the clear.reg
when asked to merge say yes

Reboot.

then find this file:
system32.dll
its probably in one of two locations:
c:\windows\system32\system32.dll
c:\windows\system\system32.dll
and delete it.

Than fix these with hijackthis:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://greatsearch.biz/redir.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://greatsearch.biz/redir.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://greatsearch.biz/redir.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://greatsearch.biz/redir.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://greatsearch.biz/redir.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://greatsearch.biz/redir.php

This fixed it for this unfortunate user.

Here is the forum.

http://www.daniweb.com/techtalkforums/thread6255.html

Printer Friendly | Permalink | | Top

miss_kitty

(1000+ posts) Send PM | Profile | Ignore

Sat Sep-18-04 12:58 AM
Response to Reply #9

10. Backup your registry before you regedit ANYTHING

Backing up the Windows registry:
How to here:

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/199762382617?OpenDocument&src=sec_doc_nam

it's easy-i am trying to figure how to get a web.exe (Adware.Winpup) POS off my box tonight, and backup is a wizard-led 5 minute chore. piece of piss

Printer Friendly | Permalink | | Top

Seldona

(1000+ posts) Send PM | Profile | Ignore

Sat Sep-18-04 01:04 AM
Response to Reply #10

11. Good point.

Especially if you have no experience with it.

But with these damn browser hijacks, one should get used to dealing with the registry.

Hiajck This makes it much easier though.

I figure it this way, I am only a format/C: away from the ultimate fix.

:)

Printer Friendly | Permalink | | Top

DU AdBot (1000+ posts)

Fri Apr 19th 2024, 05:07 PM
Response to Original message

Advertisements [?]

Top

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.