Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.
Hi all, please see this major site announcement: https://www.boards.ie/discussion/2058427594/boards-ie-2026

wowfx.dll

  • 11-03-2008 09:17AM
    #1
    texanman
    Registered Users, Registered Users 2 Posts: 449 ✭✭


    Having trouble removing wowfx.dll
    created a logfile.please advise


Comments

  • #2
    DarkJager
    Closed Accounts Posts: 7,960 ✭✭✭DarkJager


    It seems wowfx.dll is a Trojan, but it is part of a larger trojan called Qhost. You'll find the removal tool here:

    http://www.symantec.com/security_response/writeup.jsp?docid=2003-100312-1206-99


  • #3
    texanman
    Registered Users, Registered Users 2 Posts: 449 ✭✭texanman


    ran that and its still there
    c:/windows/system/wowfx.dll
    S&D is telling me its Win32.Qhost.abh

    S&D cannot remove it either can Superantispyware


  • #4
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Do this

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**


  • #5
    texanman
    Registered Users, Registered Users 2 Posts: 449 ✭✭texanman


    Combo fix log.
    Thanks ActorSeeksJob for your post.


  • #6
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Don't attach the reports please


    1. Close any open browsers.

    2. Open notepad and copy/paste the text in the quotebox below into it:
    File::
    C:\Program Files\udefender_setup.exe

    Folder::
    C:\WINDOWS\Installer

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "WinMon"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
    [-HKEY_CLASSES_ROOT\CLSID\{36b69e6c-292b-4fb1-a336-ed3f8d957bba}]

    Save this as CFScript.txt, in the same location as ComboFix.exe


    Combo-Do.gif

    Refering to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at "C:\ComboFix.txt"

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall



    Reboot and post a new HijackThis log


  • Advertisement
Advertisement
Advertisement