ernel32.dll Virus Removal

Discussion in 'Networking & Security' started by AphexDreamer, Aug 2, 2010.

  1. AphexDreamer

    AphexDreamer

    Joined:
    Jun 17, 2007
    Messages:
    6,927 (2.77/day)
    Thanks Received:
    888
    Location:
    C:\Program Files (x86)\Aphexdreamer\
    I've googled this and followed the steps I found to remove it and it still comes back. I can't surf the net because of this Trojan.
    I've run Malwarebytes and it too can't remove it. I've tried Safe Mode, manually deleting it, and it still comes back. Right now I'm running super spyware removal to see if it can remove it.

    Anyone ever had this or know how to get rid of it?

    The virus is on a laptop running Windows XP.
  2. 95Viper

    95Viper

    Joined:
    Oct 12, 2008
    Messages:
    4,191 (2.08/day)
    Thanks Received:
    1,494
    Location:
    στο άλφα έως ωμέγα
  3. AphexDreamer

    But this came from another house. It's not my laptop so this is a whole new router and internet connection for the laptop.

    Super Anti Spyware remover found threats as well and removed it but it was still there on reboot in system 32. It also won't let me launch certain .exe's.
  4. Mussels

    Mussels Moderprator Staff Member

    Joined:
    Oct 6, 2004
    Messages:
    41,698 (11.96/day)
    Thanks Received:
    9,221
    Try Kaspersky's 30 day trial.

    Malwarebytes ain't designed for antivirus, it's just a spyware remover and nowhere near as good as a real AV.
    95Viper says thanks.
  5. streetfighter 2

    streetfighter 2 New Member

    Joined:
    Jul 26, 2010
    Messages:
    1,658 (1.21/day)
    Thanks Received:
    732
    Location:
    Philly
    combofix? If you've never used combofix before this is a good place to start.

    MBAM is actually pretty weak in my experience and I use it mostly to let me know if something's wrong, rather than to fix it. If something is messed up I switch to the hard stuff like manual removal and combofix.

    A trick that works for me often enough is if you can gain complete control of the dll in question start by deleting it, then create a blank file named with the same name as the dll, then manually edit the permissions to prevent anyone (including yourself) from r/w/e. This has worked for me countless times when I just needed to get a virus to stop bugging me while I figured out what was spawning it.
    Last edited: Aug 2, 2010
    AphexDreamer and 95Viper say thanks.
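
The placeholder trick from the post above, written out as a Windows XP batch file. This is an added example, not part of the original post; the `TARGET` path is an assumption (the thread only places the file in system32), and the group name `Everyone` assumes an English-language Windows install on an NTFS volume.

```batch
@echo off
rem Added example: stopgap placeholder for a DLL that keeps being re-created.
rem TARGET is an assumed path; adjust it to the file actually reported.
setlocal
set "TARGET=%SystemRoot%\system32\ernel32.dll"

rem 1. Clear read-only/system/hidden attributes, then delete the file.
if exist "%TARGET%" (
    attrib -r -s -h "%TARGET%"
    del /f /q "%TARGET%"
)
if exist "%TARGET%" (
    echo Could not delete "%TARGET%". It is probably loaded; retry from Safe Mode.
    exit /b 1
)

rem 2. Create an empty file with the same name.
type nul > "%TARGET%"

rem 3. Add a deny entry for Everyone. /E edits the existing ACL instead of
rem    replacing it, so cacls does not ask for confirmation.
cacls "%TARGET%" /E /D Everyone

rem 4. Show the result: the file should be 0 bytes and the ACL should
rem    list a deny entry for Everyone.
dir "%TARGET%"
cacls "%TARGET%"

rem To undo later (the file owner can still change the ACL):
rem   cacls "%TARGET%" /E /R Everyone
rem   del /f /q "%TARGET%"
endlocal
```

The deny entry applies to administrators as well, and it only stops the file from being rewritten or loaded; whatever process was spawning it is still on the machine and still has to be found.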
  6. 95Viper

    Hmmmm... Is it connected to a wired or wireless connection now?

    Use the repairs under preferences in Superantispyware to reset all ie explorer and hi-jack related problems. Run it again. And, make a bootable usb\cd and run this portable version from it.

    That ernel32 virus is a form of rootkit. Nasty little bugger. Try this too: Malicious Software Removal Tool
    Download here: Microsoft® Windows® Malicious Software Removal Tool (KB890830)

    Also, try these: Avira AntiVir Rescue System (iso) or Avira AntiVir Rescue System (exe)
    Or\And, Kaspersky Rescue Disk 10

    If all else fails, combofix (A guide and tutorial on using ComboFix) or re-install the OS.

    Sorry, a little slow in typing.
  7. AphexDreamer

    Yeah I did Combo fix and got rid of it. Now however Combo fix has messed up my internet connection.

    I can't seem to get an IP. Typing IPconfig in CMD results in access denied.

    Now to fix this and the laptop should be good.
  8. 95Viper

  9. AphexDreamer

    It also says

    unable to open registry key for TCPIP

    So I think the issue is deeper but I will try that.

    I also tried WinSOC fix but that didn't do the trick either. :/

    EDIT: That didn't work.

    Reading here, they suggest it's a driver issue. I think I remember the Combo fix deleting a driver something .sys
  10. 95Viper

    You are using wireless, I assume, so go to your hardware device manager and check the wireless devices. You may need to update or re-install a driver or two.
  11. AphexDreamer

    It's installed.

    I just tried doing this.

    http://www.electrictoolbox.com/reinstall-tcpip-windows/
  12. AphexDreamer

    Now Device Manager says the hardware is there but Windows Wireless Network manager says the hardware isn't. I could do all but the last time following that TCP/IP reinstall guide and that was uninstall Internet protocol TCP/IP. It just hides the uninstall button.
  13. 95Viper

    As a side note, you might want to run, in an (administrative) command prompt, the command "sfc /scannow", that is without the quotes and with a space between the "c" and "/". To check your system files and repair any that may have been changed or altered, just to be on the safe side.

    Edit: I had already started typing, before your post...

    Have you re-booted yet?

    I can't recall too well on XP, but I believe you can un-install and install the protocols in the add\remove programs-add\remove components.
    Last edited: Aug 2, 2010
    streetfighter 2 says thanks.
  14. AphexDreamer

    I'm good guys thanks. Did win sock and uninstalled Wireless NIC drivers. Worked upon reinstall.
    95Viper says thanks.
