Question:
Virus: Used with explorer.exe? Or a .dll?
Jenna
2010-08-29 01:55:26 UTC
I'm fixing some viruses on my computer right now, and I'm having trouble with this one.

My file was detected as a trojan from..

c:/users/owner/AppData/Local/indapr.dll

So the file "indapr.dll" from the appdata\local was infected with a Trojan; when I deleted it, it also closed the process explorer.exe.

I didn't want to restart my computer so I manually restarted explorer.exe through the task manager.

When I run the explorer.exe it starts up perfectly and everything is fine, but I keep having an error message popping up every 10 seconds or so, saying..

Error Loading: c:/users/owner/AppData/Local/indapr.dll

c:/users/owner/AppData/Local/indapr.dll is not a valid win32 Application.

So I'm guessing that whenever explorer.exe was run at startup it ran that application, which was the virus. (Just guessing)

Does anyone know what else I have to do? Or did I do something wrong?

Or.. Do I have to go through the registry keys and remove it from there?

Thank you.
Four answers:
Zarn
2010-08-29 01:56:37 UTC
There's probably something in the registry that wants to load the corrupted file. Try Malwarebytes' Anti-Malware, http://www.malwarebytes.org , and I do think you'll eventually have to reboot your computer.
2010-08-29 09:25:12 UTC
NEVER manually remove files to clear a virus. It will not remove the programs calling them, nor the registry entries. Often the program starting up the malware will regenerate the file or create a different one to maintain control on your machine. It also often causes them to replicate all over the machine, making a repair impossible. Always use a proper anti-malware program. Just removing a registry entry will probably not help; it is often an entry being altered, so you would need to know what the original entry was. In effect you have damaged your OS. Your best option now is to run a repair re-install from the original disk. If that succeeds, run a quick scan with the free download (blue button) from http://malwarebytes.org. When you have let it remove the infections it will ask for a restart; do so IMMEDIATELY or it can re-infect. Then do the FULL scan to be sure. If the repair reinstall does not work you may be forced to re-format your system and lose all your files. And ALWAYS run a full real time anti-spyware/virus
2010-08-29 11:09:08 UTC
Sidebar:

Not specific to your solution, but this might (?) be related, and possibly helpful:

dll problems (Aug-10) (aka "binary planting")

http://support.microsoft.com/kb/2264107



Windows follows a 'search sequence' of directories looking for an application's call for a " .dll " file. (Those are 'libraries' of commonly used files).

If a malicious .dll can be inserted into one of the earlier directories than the correct one, that will load the malicious one first...it being named the same as the correct one.



Microsoft will NOT be fixing this, and it is the common 'routine' for all Windows OS's: it is up to the 3rd party vendor/author to correct the problem, which means you MUST constantly keep your 3rd party apps updated.

Currently there are several hundred widely used apps that do not specify the .dll location, but relinquish this chore to the Windows OS.



sources:

GRC "Security Now"; 263; http://www.grc.com/securitynow.htm



http://blogs.pcmag.com/securitywatch/2010/08/windows_app_dll_load_vulnerabi.php



(My thought was possibly a hack attempt via some code [a malicious '.dll'] which was not 'written' correctly and gets hung up...)

Run "Secunia"; checks all your 3rd party & OS version for updates.

Freeware.

http://secunia.com/vulnerability_scanning/
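
The 'search sequence' described in the answer above can be audited from the defender's side; the following is an added example, not part of the original thread. It walks the directory order Windows documents for a bare DLL name with SafeDllSearchMode enabled and reports which copy would load first and whether that copy sits outside the directories you trust. Assumptions: the function names and the sample directory tree are constructed for illustration, and loader special cases such as KnownDLLs are ignored.

```python
import tempfile
from pathlib import Path

def safe_search_order(app_dir, win_dir, cwd, path_dirs=()):
    """Documented LoadLibrary order for a bare DLL name with SafeDllSearchMode on."""
    win = Path(win_dir)
    return [Path(app_dir), win / "System32", win / "System", win,
            Path(cwd), *map(Path, path_dirs)]

def find_copies(dll_name, order):
    """Every copy of dll_name along the search order, first hit first."""
    hits, seen = [], set()
    for d in order:
        if d in seen or not d.is_dir():
            continue  # skip duplicate and missing directories
        seen.add(d)
        # Windows file names are case-insensitive, so compare lowercased
        hits += [f for f in sorted(d.iterdir())
                 if f.is_file() and f.name.lower() == dll_name.lower()]
    return hits

def audit(dll_name, order, trusted_dirs):
    """Return (winner, planted); planted is True if the first hit is untrusted."""
    hits = find_copies(dll_name, order)
    if not hits:
        return None, False
    trusted = {Path(t) for t in trusted_dirs}
    return hits[0], hits[0].parent not in trusted

def build_demo(root):
    """Constructed directory tree standing in for a Windows machine."""
    root = Path(root)
    app, win, cwd = root / "app", root / "Windows", root / "share"
    for d in (app, win / "System32", cwd):
        d.mkdir(parents=True)
    (win / "System32" / "present.dll").write_bytes(b"legit")
    (cwd / "PRESENT.DLL").write_bytes(b"untrusted")  # shadowed by System32
    (cwd / "missing.dll").write_bytes(b"untrusted")  # nothing earlier: wins
    order = safe_search_order(app, win, cwd)
    names = ("present.dll", "missing.dll", "absent.dll")
    return {n: audit(n, order, [app, win / "System32"]) for n in names}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, (winner, planted) in build_demo(tmp).items():
            print(f"{name:12} -> {winner}  planted={planted}")
```

On a real machine, pass the application's install directory, `%SystemRoot%`, the working directory and the `PATH` entries to `safe_search_order` instead of the constructed tree.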
Benjamin
2010-08-29 08:58:07 UTC
Scan your system with MalwareBytes & Reginout. It will help you.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.