Virus
Posted 26 days ago

Hi, I am trying to help a friend get rid of a virus. Could you please tell me how to get rid of this virus: windows\system\32\fwcfg32.dll? Thanking you in advance. My friend is running Windows Vista Home Premium.

Posted 22 days ago

Why do you think this is a virus? fwcfg32.dll appears to be a firewall configuration key, a dynamic link library file. What problems is your friend having, or is this file just being flagged?

Posted 16 days ago

Disable the recycle bin. Shut down, boot in safe mode, delete the DLL. Reboot, check if it's gone. Then reboot and start up normally and re-enable your bin.

Posted 16 days ago

Unfortunately, fwcfg32.dll is listed on several sites as a "BAD" file. Variously cited as a Trojan/backdoor virus or simply on the "Get rid of" list, it seems to be someone's attempt at producing a virus of sorts.

Now, on the other side of the coin: NOT a single one of the sites that I read said anything about what it did that was bad. A trojan horse virus is a method of permitting access to someone's computer, or permitting access by another program to someone's computer. However, I just did NOT find any references to computers having been corrupted or overrun or destroyed etc...

So, it is your decision as to whether you want it gone or not. Personally, I rule my decisions by knowledge. In this case, I have NO knowledge of what it should do nor of any reason to have it on my system. Therefore, if it were my decision, I would be thinking of ways to remove it.

That being said, there are a few places to look in order to remove libraries. First, remove it from the active list (this is simply a run through the Task Manager and "STOPPING" any processes spun off by the library). Unfortunately, this means that you'll need to know what processes get spun off by using this library, which isn't a simple task.

Next, remove any files that are stored on your system. These are normally placed in the ...\Windows\system or ...\Windows\system32 directories (folders). They are placed here because the system usually goes there automatically to find these types of files. So simply delete them from these directories. The first step will keep any running processes from re-saving themselves in this directory.

Next, review the startup folder and Registry for references to the library. The startup program may be written in such a way as to go out to the internet to find NEW versions of the library and could therefore re-infect the machine if not removed from the startup folder. Registry issues are a bit different. They don't really run a program directly, but the end result can be the same. The registry references a program that can reload the errant library from the internet, then the results become the same - re-infection.

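The places named in the post above (running processes, the system directories, the startup folder and the registry) can be inspected read-only before anything is deleted. The following PowerShell is an added example, not part of the original thread; the Run/RunOnce keys and the per-user and all-users Startup folders are assumed here as the autostart locations to check, since the thread names no specific ones.

```powershell
# Added example: read-only triage for a suspect DLL name. Reports only, deletes nothing.
param([string]$DllName = 'fwcfg32.dll')   # file name taken from the thread

# 1. Copies on disk in the directories the post names, with Authenticode status.
foreach ($dir in "$env:windir\System32", "$env:windir\System") {
    $path = Join-Path $dir $DllName
    if (Test-Path -LiteralPath $path) {
        $item = Get-Item -LiteralPath $path -Force
        $sig  = Get-AuthenticodeSignature -FilePath $path
        "FILE   $path  created=$($item.CreationTime)  signature=$($sig.Status)"
    }
}

# 2. Running processes that currently have the DLL loaded.
foreach ($proc in Get-Process) {
    try {
        $proc.Modules | Where-Object { $_.ModuleName -eq $DllName } |
            ForEach-Object { "PROC   $($proc.Name) (PID $($proc.Id)) loaded $($_.FileName)" }
    } catch { continue }   # protected processes need an elevated prompt
}

# 3. Autostart registry values (assumed locations); entries naming the DLL are flagged.
$skip = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($skip -contains $p.Name) { continue }   # provider metadata, not registry values
        $flag = if ("$($p.Value)" -like "*$DllName*") { 'MATCH' } else { '     ' }
        "REG    $flag  $key  $($p.Name) = $($p.Value)"
    }
}

# 4. Everything in the per-user and all-users Startup folders (assumed locations).
foreach ($dir in "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
                 "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup") {
    if (Test-Path -LiteralPath $dir) {
        Get-ChildItem -LiteralPath $dir -Force | ForEach-Object { "START  $($_.FullName)" }
    }
}
```

All autostart entries are listed, not only the ones that name the DLL, because the loader that re-creates the file may not mention it by name.
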
Posted 11 days ago

OK, it is deeper than that... First, if you want to get rid of it by remediation, you are in for a bumpy road. First you will need to empty your recycle bin, nuke your temp files in safe mode, etc... Then download HiJack This (you can get it free here... http://free.antivirus.com/hijackthis/ ) and run a scan. Save the log results and visit the AumHa.org forums (here is the exact place you wanna be: http://forum.aumha.org/viewforum.php?f=30 ), register on the forum, post your issue, and someone there will probably ask you to post your HiJack This log. After they examine it, they will give you instructions. FOLLOW THEM TO THE LETTER! Then run HiJack This and post the new log and repeat the cycle until all remnants of the virus are gone...

This is if the machine is of uber importance. If it is just a personal box, then back up the my docs and other files (pix, mail etc...) and nuke it from orbit. The only way to truly be certain that a virus is gone is to wipe the drive. I know this is not happy news, but the virus can hide in the registry and after 123,485,245 keystrokes (or after XX number of days, or whatever...) it can reinfect by visiting a website in the background (you wouldn't even know) or launching a randomly named file buried on your drive, etc...

However, if you are going to try to remediate it, then go to Aumha with hat in hand and plead... They know their stuff and they are good people. Remember though, they volunteer their time (like I am doing now), so be polite and they will help get you fixed up. Good luck!

Posted 11 days ago

Oh yeah, I forgot to mention that the specific .dll file probably (operative word here...) doesn't matter. Many modern viruses generate random names for their malicious little files to make it harder to identify and delete them. By simply deleting the file, odds are it will just regenerate itself, possibly under a different name. You see, viruses operate like application suites. There are different components, and if the entire thing isn't completely ripped out, it can reinfect. Lovely, isn't it?
