Thread: Cannot delete or rename trojan.

  1. #1
    infested Guest

    Cannot delete or rename trojan.

    I'm using the Zone Alarm Security Suite 7. It found a trojan named Trojan.Win32Agent.sdb in the path WINDOWS\System32\urqPilxV.dll. It's unable to delete or rename it. I've been halted to about a 2 min. wait for every mouse click because of all kinds of processes going on in the background (mostly Zone Alarm's scan process). Since this initial virus, it's either created, or invited others to join in on the fun. I'm at my wits' end; I've tried to delete it in safe mode, but I obviously lack the knowledge to complete the task out of fear of doing more harm than the virus. Please help!! Thanks in advance.

    Infested

    Operating System:Windows XP Pro
    Software Version:7.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Re: Cannot delete or rename trojan.

    Start again in the safe mode.
    Open the registry (Start > Run > type in regedit > ok).
    Open the Find found in the View of the toolbar of the registry.
    Type in urqPilxV.dll
    It more than likely will appear in the right panel - delete any key with urqPilxV.
    It may appear in the Run and similar types of the Run.
    Delete its mention in those as well.
    Just keep using the Find to find the next key involved until all are removed.
    If the windows complains and shows the permissions are not correct for deletion, then right click the main key above the lower key involved and open the Permissions and check the items in the left column and apply and ok - now the registry key can be deleted.
    After the Find has no more keys and it has been purged from the registry, then completely shut down the PC.

    Wait a few minutes before starting the windows once again in the safe mode.
    Make sure it is the administrator account that is signed in, not any user accounts.
    Now try to delete the urqPilxV.dll
    If the file does not delete, then open the Properties found in the right click.
    Open the advanced and use the permissions to allow yourself full permissions for control.
    Once the file is deleted, immediately empty the recycle bin.
    Then immediately do full antivirus and any other scanners, while still in the safe mode.
    Delete all found by the scanners.
    Reboot back to the normal mode.

    Oldsod.
    Best regards.
    oldsod

  3. #3
    infested Guest

    Re: Cannot delete or rename trojan.

    Thank you so much. I'm gonna give it a try now.

  4. #4
    infested Guest

    Re: Cannot delete or rename trojan.

    Unfortunately, I'm in safe mode now, and regedit can't seem to find it. I can find it through its path, but still can't seem to do anything with it. So I'm trying to look for it manually in regedit, looking through all the HKEYs.

  5. #5
    Join Date
    Dec 2005
    Posts
    9,056

    Re: Cannot delete or rename trojan.

    Use these variables: look at "keys", "values" and "data".
    Uncheck the "match whole string only" box.

    Looking manually is not so accurate.

    http://www.governmentsecurity.org/ar...eonstartup.php


    Oldsod.

    Message Edited by Oldsod on 06-30-2008 07:19 PM
    Best regards.
    oldsod
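
An added example, not part of the original posts: the search described in posts #2 and #5 (keys, values and data, substring match rather than whole string) run offline over a registry export in regedit's .reg text format, including string data that the export writes as hex bytes. The sample export, the `Example` keys and the function names are constructed for illustration.

```python
import re

# Constructed sample in regedit export format; the Example keys are hypothetical.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"benign"="C:\\Program Files\\Example\\tray.exe"
"example"="C:\\WINDOWS\\System32\\urqPilxV.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Loader]
"Module"=hex(2):75,00,72,00,71,00,50,00,69,00,6c,00,78,00,56,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\URQPILXV]
@=""
'''

def _decode(raw):
    """Return the searchable text of a value name or of its data."""
    m = re.match(r'hex\((?:1|2|7)\):(.*)', raw)
    if m:  # string types exported as UTF-16LE bytes (e.g. REG_EXPAND_SZ)
        data = bytes(int(b, 16) for b in re.findall(r'[0-9a-fA-F]{2}', m.group(1)))
        return data.decode('utf-16-le', errors='replace').replace('\x00', ' ')
    if raw.startswith('"'):  # quoted string: undo \\ and \" escaping
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    return raw  # dword: and plain hex: are left as written

def find_references(reg_text, needle):
    """List (key, value name, where) hits; where is 'key', 'value' or 'data'."""
    needle = needle.lower()  # case-insensitive substring, not whole-string
    text = re.sub(r'\\\r?\n\s*', '', reg_text)  # rejoin wrapped hex lines
    hits, key = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            if needle in key.lower():
                hits.append((key, None, 'key'))
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if key is None or not m:
            continue
        name = '(Default)' if m.group(1) == '@' else _decode(m.group(1))
        if needle in name.lower():
            hits.append((key, name, 'value'))
        if needle in _decode(m.group(2)).lower():
            hits.append((key, name, 'data'))
    return hits

if __name__ == '__main__':
    for hit in find_references(SAMPLE_EXPORT, 'urqPilxV.dll'):
        print(hit)
```

A real "Version 5.00" export is a UTF-16 file, so read it with `open(path, encoding='utf-16').read()` before passing the text in.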

  6. #6
    Join Date
    Dec 2005
    Posts
    9,056

    Re: Cannot delete or rename trojan.

    Maybe try to unregister the .exe using the command prompt:

    c:\>"C:\WINDOWS\System32\urqPilxV.dll" /UNREGSERVER

    it might work.
    Oldsod.
    Best regards.
    oldsod

  7. #7
    infested Guest

    Re: Cannot delete or rename trojan.

    What's odd is that no matter what kind of search I do (regedit find, windows search, etc.), I get the same response... Nothing. Yet I can physically go right to the file myself. Even the UNREGSERVER tells me that "The system cannot find the path specified."

  8. #8
    Join Date
    Dec 2005
    Posts
    9,056

    Re: Cannot delete or rename trojan.

    Try these two freeware scanners:

    http://www.superantispyware.com/

    http://www.emsisoft.com/en/software/free/

    See if they help you.
    Oldsod.
    Best regards.
    oldsod

  9. #9
    Join Date
    Dec 2005
    Posts
    9,056

    Re: Cannot delete or rename trojan.

    While in the safe mode, you changed the file's permissions or changed to not to execute - that not read/write or not execute should stop it.
    Oldsod.
    Best regards.
    oldsod
