Strange malware "ofdavc.dll"

Discussion in 'Malware Help (A Specialist Will Reply)' started by thecoffindodger, Sep 30, 2012.

  1. thecoffindodger

    thecoffindodger Private E-2

    Hi guys
    I have been here many times for advice but this is the first time I have posted.

    I run a computer repair company and I have 4 PCs I use for work.
    Yesterday I noticed that one of my PCs was booting up really slowly, and I found that Internet Explorer was starting up and running in the background after booting up (not the browser, just the process in Task Manager). When I looked in System Configuration under the Startup tab I found an entry called "ofdavc".
    If I unchecked it and rebooted my PC it just entered itself again. I did a search on Google for the process but couldn't find anything about it.
    I did manage to remove it from my system, so this is for anyone out there who has picked it up and cannot find a solution. This is how I removed it:
    1, Reboot your PC into safe mode.
    2, In Folder Options: show all hidden files and folders.
    3, Navigate to: (Win XP) c:/Documents and Settings/user file (your name)/Application Data. (Win 7) c:/Users/user file (your name)/Application Data.
    4, In the Application Data folder: delete the file named "ofdavc.DLL".
    5, (In Win XP) open Run and type in "regedit". (In Win 7) type it in where it says (search programs and files) at the bottom of the Start menu.
    6, In the top right corner of the Registry Editor click on Edit, scroll down and click on (Find..). In the (Find what:) box type "ofdavc", then click (Find next). Delete any string value or folder highlighted with the name "ofdavc". Repeat the above until you cannot find any more string values or folders with that name. I found and deleted 2 string values and one folder.
    7, Close all apps and reboot into normal mode.
    That seemed to sort my PC out and no more IE starting on boot.
    I hope this will help anyone who has this infection and cannot find any help out there on Google. :wave
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Thanks for posting what worked for you, but this is likely just unique to you (which is why you saw no info on it in your search). Infections like this use random file names, random folder names, and random registry keys. That is why we have a malware cleaning procedure (READ & RUN ME FIRST. Malware Removal Guide) which allows us to collect logs to identify exactly how and where the infection has taken hold in each PC. Then we can tailor the fixes to the particular case.
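
Since the names are random, as the reply above notes, a search for the literal string "ofdavc" does not carry over to other machines. The following added example (not part of the thread or of the MajorGeeks procedure) parses saved `reg query` output for a Run key and flags any autostart value that loads a DLL from a user-profile data folder, whatever it is called. The Run key location, the rundll32 command line, the user name and all sample entries are constructed assumptions.

```python
import re

# Constructed sample of `reg query` output for a per-user Run key.
# The rundll32 command line, the "Start" export and the user "alice"
# are assumptions for illustration, not values taken from the thread.
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    ofdavc    REG_SZ    rundll32.exe "C:\Documents and Settings\alice\Application Data\ofdavc.dll",Start
    Updater    REG_EXPAND_SZ    "%APPDATA%\Vendor\updater.exe" /silent
    SoundMan    REG_SZ    C:\Program Files\Vendor\soundman.dll
'''

# Value lines look like: <4 spaces>name<4 spaces>REG_SZ<4 spaces>data
VALUE_LINE = re.compile(
    r'^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_(?:EXPAND_)?SZ)\s{4}(?P<data>.*)$')

# A .dll path (drive letter or %VARIABLE% rooted) anywhere in the command line.
DLL_PATH = re.compile(r'((?:[A-Za-z]:|%\w+%)\\[^"<>|,]*?\.dll)', re.IGNORECASE)

# Folders a standard user can write to; a DLL autostarting from here is unusual.
USER_WRITABLE = ('\\application data\\', '\\appdata\\',
                 '%appdata%', '%localappdata%', '%temp%')


def suspicious_autoruns(reg_query_text):
    """Return (value name, dll path) for autostart entries that load a DLL
    from a user-writable profile folder, regardless of the file's name."""
    findings = []
    for line in reg_query_text.splitlines():
        match = VALUE_LINE.match(line)
        if not match:
            continue  # key header or blank line
        for dll in DLL_PATH.findall(match.group('data')):
            if any(marker in dll.lower() for marker in USER_WRITABLE):
                findings.append((match.group('name'), dll))
    return findings


if __name__ == '__main__':
    for name, dll in suspicious_autoruns(SAMPLE):
        print(f'review autostart value {name!r}: loads {dll}')
```

A hit is a lead for the log-based review the reply describes, not proof of infection; legitimate software occasionally autostarts from the profile as well.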
     
  3. thecoffindodger

    thecoffindodger Private E-2

    Hi Chaslang
    Yes, I'm sorry, I had removed the infection before I came on here and read your "run & read me first". But now I know, I will be sure to make logs of any other infections I find or if I come across this one again.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No problem! ;)
     
