General discussion

Locked

AVG 7.0 detected virus but cannot remove

By hop228a ·
Just ran AVG and it identified a virus Worm/Dedler.Q). The file is msexpb.dll.

Anyone tell me how to remove this?

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by dmiles In reply to AVG 7.0 detected virus bu ...

An W32.Dedler.Worm is executed, it does the following:

Copies itself as %System%\smvss.exe.

Adds one of the following values:

"SoundMixer"="%System%\smvss.exe"
"MSInstall"="%System%\smvss.exe"
"MicrosoftOEM"="%System%\smvss.exe"
"SunJavaUpdate"="%System%\smvss.exe"

to the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

so that the worm runs when you start Windows.

Download updates
Execute commands on the victim machine
Retrieve information the infected machine

Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have less avenues of attack and you have fewer services to maintain through patch updates.

Disable System Restore (Windows Me/XP).
Update the virus definitions.
Restart the computer in Safe mode or VGA mode.
Run a full system scan and delete all the files detected as W32.Dedler.Worm.
Delete the value that was added to the registry.

For specific details on each of these steps, read the following instructions.

1. Disabling System Restore (Windows Me/XP)
If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.

Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.

Collapse -

by wlbowers In reply to AVG 7.0 detected virus bu ...

Turn off system restore if it is used in your os.

Download, update, and run the following.

Your Antivirus Software

Spybot:
http://tinyurl.com/ziar

Ad-Aware:
http://tinyurl.com/tek5

Stinger
http://vil.nai.com/vil/stinger/
This item will not update through the program. You have to download the new version.

CWshredder:
http://tinyurl.com/2bzef
Or
http://tinyurl.com/2k642
Look for the file in English CWShredder.exe

StartUpList:
http://www.mac-net.com/576482.page

StartUpList is information only. Startup, Registery, and others. You can?t fix anything from within the program.

Hijack This:
http://mjc1.com/mirror/hjt/

Hijack This is useful in that it shows what is currently loading on startup. You must know what is good and what is bad. Once you check it and fix it is gone. So be sure. Items you are not sure of do a Google search for them.

Run Your Antivirus again

I have had to boot into safe mode and run these.

Good Luck Lee

Collapse -

by hop228a In reply to AVG 7.0 detected virus bu ...

This question was closed by the author

Back to Desktop Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums