dll problem

Discussion in 'Prevx Releases' started by dnazer, Sep 26, 2010.

Thread Status:
Not open for further replies.
  1. dnazer

    dnazer Registered Member

    Joined:
    Sep 26, 2010
    Posts:
    6
    my norton internet security did not detect any viruses but my prevx did. it deleted two dlls by the name of codcok.dll and oyejokes.dll. tbh these dlls look like viruses... but everytime i startup my laptop now it says those two files dlls have not been found. that obviously means a program is trying to execute them. how can i find out what the program is? (all scans come up clean both from norton and prevx.)
     
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Hi dnazer and welcome to Wilders.

    In folder options set to view Hidden Files and Folders, and untick Hide Extensions for Known File Types, and Hide Protected Operating System Files. You can change them back afterwards.

    Reboot into Safe Mode and use Windows Search for those files. If you find them Delete them. Post back for more advice.
     
  3. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    It's not a program trying to execute the dlls. Its the Windows Registry.
    PrevX deleted the malicious dlls but leftover the Registry entrys.

    Simply run cCleaner (Registry Fix) to get rid of the popups.

    (If that does not fix the problem just open RegEdit and search for the dll names. Delete the startup entrys manually...)

    And you should send a PrevX logfile to PrevX Support so that they can add the registry fix to their database..
     
  4. dnazer

    dnazer Registered Member

    Joined:
    Sep 26, 2010
    Posts:
    6
    thanks to both of you, i appreciate the help. I followed the things both of you said, windows search did not return any findings but in the registry there were quite a few, actually, a lot of files with those names in it. i started deleting one by one then realised it was too tedius.

    i then used ncleaner to clean the things up and now they don't appear. i will upload the prevx logfile shortly.

    one thing stays on my mind is how i got this virus cuz well....i don't really do things that would make me get a virus lol...if u know what i mean. my norton is always up as well... also theres a file called bvodv.exe which was in the temp folder and it almost always went hand in hand with the two dlls in the registry. now that i used ncleaner that files is no longer there :S (it was not originally detected as a malicious software by either norton nd prevx).

    btw after i fixed all of registry files using ncleaner, i did another scan and now ncleaner says i have around 200 invalid reg files nd 1 reg startup. i thought i cleaned them with the first scan (which brought up nearly a thousand :D)
     
  5. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
  6. dnazer

    dnazer Registered Member

    Joined:
    Sep 26, 2010
    Posts:
    6
    ya thanks. i took care of it i think. so far no traces left. appreciate the quik replies every1. i uploaded the log file.:)
     
  7. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    It could be indeed interesting to work out where this virus came from cause i investigated a bit and it seems to be fairly new...

    That's normal. Normally it takes 2-3 scans-fixes till the registry is fixed completely...
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Out of curiosity, do you happen to know what keys the registry values were left in? Ideally we'd be able to update Prevx to automatically clean these in the future :)

    Glad you've got the infection sorted - let me know if you need anything else!
     
  9. dnazer

    dnazer Registered Member

    Joined:
    Sep 26, 2010
    Posts:
    6
    i think it may have come from surfthechannel.com that is where i got a uac notice telling me that ocrx which was the exe file tried to access my harddrive.

    as for the registry keys. i thought ncleaner would automatically create a logfile but it apparently hasn't. i then tried to load a backup file of the registry just so i can do the process again lol and this time create a log but apparently ncleaner didnt create a backup automatically xD im new to using ncleaner :p. the prevx logfile shows that it has indeed removed some registry files but obviously it didn't remove all. im rly sry that i can't find any more info. if unfortunately this were to happen again, i have ncleaner keep a log. but for now there is a way of removing using freeware so the problem is solvable.
     
Thread Status:
Not open for further replies.