my norton internet security did not detect any viruses but my prevx did. it deleted two dlls by the name of codcok.dll and oyejokes.dll. tbh these dlls look like viruses... but everytime i startup my laptop now it says those two files dlls have not been found. that obviously means a program is trying to execute them. how can i find out what the program is? (all scans come up clean both from norton and prevx.)
Hi dnazer and welcome to Wilders. In folder options set to view Hidden Files and Folders, and untick Hide Extensions for Known File Types, and Hide Protected Operating System Files. You can change them back afterwards. Reboot into Safe Mode and use Windows Search for those files. If you find them Delete them. Post back for more advice.
It's not a program trying to execute the dlls. Its the Windows Registry. PrevX deleted the malicious dlls but leftover the Registry entrys. Simply run cCleaner (Registry Fix) to get rid of the popups. (If that does not fix the problem just open RegEdit and search for the dll names. Delete the startup entrys manually...) And you should send a PrevX logfile to PrevX Support so that they can add the registry fix to their database..
thanks to both of you, i appreciate the help. I followed the things both of you said, windows search did not return any findings but in the registry there were quite a few, actually, a lot of files with those names in it. i started deleting one by one then realised it was too tedius. i then used ncleaner to clean the things up and now they don't appear. i will upload the prevx logfile shortly. one thing stays on my mind is how i got this virus cuz well....i don't really do things that would make me get a virus lol...if u know what i mean. my norton is always up as well... also theres a file called bvodv.exe which was in the temp folder and it almost always went hand in hand with the two dlls in the registry. now that i used ncleaner that files is no longer there :S (it was not originally detected as a malicious software by either norton nd prevx). btw after i fixed all of registry files using ncleaner, i did another scan and now ncleaner says i have around 200 invalid reg files nd 1 reg startup. i thought i cleaned them with the first scan (which brought up nearly a thousand )
Found this, look at alias names for this malware, i.e. bvodv.exe : http://www.prevx.com/filenames/2378199240129197404-X1/MTNFAQLR.EXE.html
ya thanks. i took care of it i think. so far no traces left. appreciate the quik replies every1. i uploaded the log file.
It could be indeed interesting to work out where this virus came from cause i investigated a bit and it seems to be fairly new... That's normal. Normally it takes 2-3 scans-fixes till the registry is fixed completely...
Out of curiosity, do you happen to know what keys the registry values were left in? Ideally we'd be able to update Prevx to automatically clean these in the future Glad you've got the infection sorted - let me know if you need anything else!
i think it may have come from surfthechannel.com that is where i got a uac notice telling me that ocrx which was the exe file tried to access my harddrive. as for the registry keys. i thought ncleaner would automatically create a logfile but it apparently hasn't. i then tried to load a backup file of the registry just so i can do the process again lol and this time create a log but apparently ncleaner didnt create a backup automatically xD im new to using ncleaner . the prevx logfile shows that it has indeed removed some registry files but obviously it didn't remove all. im rly sry that i can't find any more info. if unfortunately this were to happen again, i have ncleaner keep a log. but for now there is a way of removing using freeware so the problem is solvable.
