Results 1 to 4 of 4
  1. #1
    Member
    Join Date
    Jul 2006
    Posts
    2
    Points
    0

    Default help! Unrepairable virus!

    My security suite tells me I have an infected file (ipcdpo.dll) with something called W32/Downloader.abdt. When i try to delete or quarantine it it says it cannot be! Does anyone have any suggestions???// Thanks!

  2. #2
    Member 1972vet's Avatar
    Join Date
    Mar 2006
    Posts
    275
    Points
    35

    Default

    Download KILLBOX, extract it to your desktop.

    Open killbox.exe.

    First click on Tools>Delete Temp Files.
    A box will open with a list of all user profiles.

    Check the following boxes at a minimum for each profile by clicking on the drop down and checking the boxes that are enabled. Some will not apply and those boxes will not be available to check. Make sure you do this for all the profiles listed.

    Temporary Internet Files
    Temp Files
    XP Prefetch

    If you want to clean your cookies, history, and list of recent files run you may check those boxes as well.

    Then, click on the Button titled "Delete Selected Temp Files".
    Exit by clicking the Button titled "Exit(Save Settings)".

    Once back into the main killbox program, check the box:

    Delete on Reboot

    Highlight the entry in the quote box below and then copy it.
    C:\Windows\System32\ipcdpo.dll
    Then in killbox click File>>Paste from Clipboard

    At this point the "All Files" button should be enabled so you can click it.
    Click the "All Files" button.

    Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes.

    A second message will ask to Reboot now? you will need to click Yes to allow the system to reboot.
    Note: Killbox will let you know if a file does not exist.

    When the system comes back up, please perform this online scan: F-Secure Online Scanner Next Generation Beta
    1. Click on the link "F-Secure Online Scanner Next Generation Beta".
    2. You may receive an alert on the address bar at this point to install the ActiveX control.
    3. Click on that alert and then Click Insall ActiveX component.
    4. Read the license agreement and click "Accept".
    5. Click "Full System Scan" to download the scanning components and begin scan and cleaning.
    6. When done click "Show report" and copy/paste its contents into your next reply.

    Also, please Click HERE to download a self extractable version of hijackthis. Double click on hijackthis.exe to extract hijackthis to folder c:\hijackthis. It will extract it to that folder and open the folder for you. It will also create a shortcut on your desktop to hijackthis.

    Double click the shortcut on your Desktop. Click "Do a system scan and save a logfile". Copy and paste the contents of that log back here in this thread too. Thanks!
    Disabled Veteran
    U.S.C.G.

    CastleCops Graduate 1st Responder

    Member:
    A.S.A.P.

  3. #3
    Member
    Join Date
    Jul 2006
    Posts
    2
    Points
    0

    Default worked but still a problem

    Ok So I did all mentioned above and it worked to delete the virus but I still have the problem with the temporary internet files...when I click on the folder properties it says tht there are over 100,000 files in that folder but none of them are displayed so I can delete them. Is this a permanent effect of the virus? Any ideas!!!???? Thanks for your last replies!

  4. #4
    Member 1972vet's Avatar
    Join Date
    Mar 2006
    Posts
    275
    Points
    35

    Default

    I still have the problem with the temporary internet files
    Even after you've used the Killbox to delete all of your temp files? Did you delete all the temp files for each user account?

    ...when I click on the folder properties it says tht there are over 100,000 files in that folder but none of them are displayed so I can delete them.
    Click start-->control panel-->Internet Options.
    From there click the Settings button, then View Files. Here you should see the files listed. Click Edit from the top of the menu then click Select All (or highlight the ones you want to delete and you can keep here what you want to keep). Next, click File from the menu at the top, then click Delete

    You should post a fresh HijackThis log in the forum.
    Click HERE to download a self extractable version of hijackthis.

    Double click on the hjthis.exe then click "extract". It will be extracted automatically to it's own folder located here:
    C:\hijackthis

    This folder is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.

    You can double click the icon that was placed on the Desktop to run hijackthis or you can use the icon inside the folder.

    Click Do a system scan and save a logfile. Copy and paste the contents of that log back here in this thread. Thanks!


    Since there has been no response for more than 10 days going to lock this topic- BG
    Disabled Veteran
    U.S.C.G.

    CastleCops Graduate 1st Responder

    Member:
    A.S.A.P.