Hi, I am at my wits end trying to rid my machine of what i believe is a mass mailer virus. This threat seems to manifest itself by continually writing wlctrl32.ddl in my windows\system32 folder after deleting. There is also a key in the registry which also reappears after deletion, - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WLCtrl32. I've tried AVG, Kaspersky, Symatec etc. etc. but the file still reappears. Can you help please? Thanks.
I am not sure exactly what fixed it, possibly a combination of Kaspersky AV and manual deletion. You probably have some new .SYS files in your windows\system32\drivers folder too. These are definately part of the problem.
Good luck, and sorry I can't be more specific with help.
Go here: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DIEHARD.D&VSect=T
I spent a couple of weeks fighting this - the link mentions the file upy10.sys - I didn't have it, I had pvb38.sys. Anyhoo, the removal instructions took care of it.
however, when I reboot they come again! There must be something that regenerates those entries. I don't have neither the Upy10.sys nor the pvb38.sys files, so I don't know which (.sys) files could be responsible for regenerating those entries!
I'd like to shed a little light on what I used to eradicate wlctrl32.dll from my Windows XP SP2 system.
I started with installing Bit defender. This product wasn't able to find and clean the processes spawned from wlctrl32.dll but it did help to identify that thousands of emails were being sent from my pc. I'm sure Zone Alarm would've been similarly helpful. As Dave B. suggested in his link an updated version of Kaspersky found and cleaned a varient of the trojan-downloader.win32.mutant.nb, and win32.Agent.
Though I didn't have any of the files Dave found in his registry or Drivers folder, I concur, deleting wlctrl32.dll manually doesn't get rid of this loathesome bug.
Unfortuately I can't go into all the steps I used to competely rid my system of wlctrl32.dll. I had other viruses to contend with in addition to this one. But wlctrl32.dll is one of the most stubbron worms I've ever had to root out.
During the course of deleting wlctrl32.dll I also found related malware processes/drivers/files which needed deleting and references removed from the registry:
Process Explorer from the Sysinternals Suite. Trendmicro's Hijackthis SDfix.exe Sophos Rootkit detector (sarsfix.exe) Spybot Search and Destroy Adaware Pro Bitdefender Fprot online scanner
Also spend some time searching through and deleting anything suspicious in the Documents and Settings\<user profile>\Local Settings\Temp; Documents and Settings\<user profile>\Local Settings\Temporary Internet Files
If you are running Win2000 or XP try this first: (Not compatible with Vista)
Download SDFix "http://downloads.andymanchesta.com/RemovalTools/SDFix.exe" and save it to your desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet.
Reboot your computer in SAFE MODE using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
Open the SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt. Finally copy and paste the contents of the results file Report.txt in your next reply.
Currently it is Tuesday, October 07, 2008 1:24 AM (GMT +2) There are a total of 62.539 posts in 15.594 threads. In the last 3 days there were 12 new threads and 47 reply posts. View Active Threads
Who's Online
This forum has 26660 registered members. Please welcome our newest member, bloat. 36 Guest(s), 0 Registered Member(s) are currently online. Details
|