Question

Locked

New Member: Removing a rogue dll file in startup routine

By pdstevens8 ·
I have a rogue dll file (C:\WINDOWS\system32\fasomxlh.dll) that is invoked when winlogon.exe runs. The dll kicks off a spyware/adware program. The file is quarentined, but I want to remove it. I used TrndMicro's Hijack This to remove it and used the Delete a File Upon Reboot Misc.Tools function, but it didn't work. I also tried SysClean, to no avail.

Winlogon.exe is an seential program and anti-spyware apps fail to remove fasomxlh.dll. Though the file is quarentined, I have to respond to quarentine messages repeatedly with its frequent run attemps. Win XP won't let me rename or delete the dll even fron the Command prompt. Any suggestions?

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

If you have a Linux boot CD

by Darryl~ Moderator In reply to New Member: Removing a ro ...

You could try booting to it & removing the file while the OS is not running.

edited for: I made a couple boot CD's I use quite often that I like....here's a link to the instructions & their downloads.
http://www.ubcd4win.com/

Collapse -

You didn't mention

by Jacky Howe In reply to New Member: Removing a ro ...

what Antivirus software you are using.

Try a scan with this in Safe Mode with System Restore turned off.

Download Malwarebytes Anti-Malware, install it and update it and scan your Sysytem.

<a href="http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe" target="_blank"><u>Malwarebytes</u></a>

Collapse -

In addition to the

by IC-IT In reply to New Member: Removing a ro ...

other great advice; Insure you turn off system restore before doing the scans.
You may have actually deleted it before, but it is being regenerated by another program hiding in the system restore point.

Back to Malware Forum
4 total posts (Page 1 of 1)  

Related Forums