chaslang- i can't delete the dmpp.dll file

Discussion in 'Malware Help (A Specialist Will Reply)' started by nv178177, Feb 10, 2006.

  1. nv178177

    nv178177 Private E-2

    I was following your thread on the spyfalcon, and I couldn't delete the file "dmpp.dll." It said that the file was either write protected or in use. What can I do?

    Thank you
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The file name is dxmpp.dll not dmpp.dll.

    Click Start, Run, and enter cmd and click OK. This opens a command prompt window. In the command prompt window enter the below (I'm assuming you have Windows installed in C:\Windows)

    cd C:\windows\system32
    attrib -r -h -s dxmpp.dll <--- note there are spaces between the -r, -h, -s
    del dxmpp.dll

    Look for any error messages and write them down. Then type exit and hit the enter key to close the command prompt window. Did this work?
     
  3. nv178177

    nv178177 Private E-2

    no. that did not work. it said "access denied"
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you in safe mode?
     
  5. nv178177

    nv178177 Private E-2

    yes. i followed all of your steps up to this point.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Also, did SpyFalcon say it uninstalled when you used Add/Remove programs?
     
  7. nv178177

    nv178177 Private E-2

    i tried to uninstall it when it first popped up. i was in normal mode then. it said that it uninstalled successfully, but i was still getting the stupid balloon. i then went to this site to get some help and saw your sticky. when i went in safe mode to remove it, spy falcon wasn't there.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    But are you in safe mode right now!
     
  9. nv178177

    nv178177 Private E-2

    yes. i still am. i'm on another computer for internet. not the infected comp.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download GetRunKey125b.zip to your PC someplace you can locate it. Then extract the files from the ZIP. Locate the getrunkey125b.bat file and double click on it to run it. It will create a file named runkeys.txt in the root of drive C: (C:\runkeys.txt). This log will also pop up in a notepad window which you can just close. Upload the runkeys.txt file here as an attachment. Do this before continuing to the below.
     
  11. nv178177

    nv178177 Private E-2

    do you want me to do this while in safe mode?
     
  12. nv178177

    nv178177 Private E-2

    here is the log file
     


  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's fine! It should not matter for this test.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Both of the below files need to be deleted:

    C:\WINDOWS\system32\wbeconm.dll
    C:\WINDOWS\system32\dxmpp.dll

    First try deleting wbeconm.dll
    Let me know if it deletes.
     
  15. nv178177

    nv178177 Private E-2

    i've run the scan and attached the log file below

    thanks for your patience
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I know I already posted something to do.
     
  17. nv178177

    nv178177 Private E-2

    i can't find that file. it doesn't show.
     
  18. nv178177

    nv178177 Private E-2

    i was able to delete the dxmpp.dll file this time.
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What did you do differently?

    Use the below from the command prompt

    attrib -r -h -s wbeconm.dll

    Does it show now?
     
  20. nv178177

    nv178177 Private E-2

    the only thing i did differently was that i ran in safe mode with networking. the file "wbeconm.dll" could not be found. should i continue on with the sticky?
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    But you said you were already in safe mode before. Did you reboot again? If so that may be what was needed to make it deletable. wbeconm.dll was in the runkeys.txt log. So unless it went away after rebooting.........well let's be sure. Get another runkeys.txt log and attach it.
     
  22. nv178177

    nv178177 Private E-2

    it seems like everything is gone. should i go ahead and continue with the sticky? and can i delete all the files: fixfalcon. reg, smitrem, getrunkey after i finish?
     


  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! SpyAxe & SpyFalcon are gone now!

    Yes! Run thru the sticky now and attach the requested logs when finished.
     
  24. nv178177

    nv178177 Private E-2

    i've completed the sticky. logs are attached. when i ran the getrunkey the second time, a lot of other txt files were saved along with the runkey text. is that normal? if so, then all seems fine.

    thank you for your help!
     


  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You only ran SmitRem and posted its log. I thought you meant you were going to run this Sticky thread: READ & RUN ME FIRST Before Asking for Support

    When you closed the notepad window that opens up with the runkeys.txt log, all the temp files created by getrunkey125b.bat are deleted. If somehow the process is terminated incorrectly, the files may not be deleted.
     
