Clicker virus?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Tom_NY, Dec 26, 2007.

  1. Tom_NY

    Tom_NY Private E-2

    My brother's computer had a virus which caused his machine to send spam e-mail. We've got it basically under control, but there's still a rogue dll which can't be deleted:

    /windows/system/dmocxb.dll

    I can't remove this file; I get "access denied." Even using some tools that purport to delete the file on next boot doesn't work. There's a registry key which references it - can't delete the key or change the value. The file got added as an add-on in IE7, which we disabled, but we can't remove.

    Also, ProcessExplorer shows that winlogon, svchost, and explorer all reference the .dll. I did find an invalid copy of explorer.exe, and removed it.

    Finally, and this might be related, ZoneAlarm warns us that "nslookup" is trying to access the trusted zone. We've denied it, but it comes up each reboot.

    Do I have to boot from CD to get at this file and remove it? Or is there another way?
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  3. Tom_NY

    Tom_NY Private E-2

    Thanks. I will try the later steps. Spybot, AVG, Ad-Aware, NOD32 do not report any problems. I am also working with the NOD32 people on this, since most (but not all) of the anti-virus programs are not flagging this rogue dll as a problem, and they would like to know more about it.

    A Google search on msocxb.dll only shows one reference, on the Prevx site, where they know that this .dll is associated with a virus first seen a few months ago.
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If you would post some logs and follow my instructions we can fix any issues you may have. If you don't follow my instructions and post the logs there is no way for me to see the problems and assist you.
     
