Got a virus, removed it, but what is this .dll?

Flogger23m

Got what I think is called the Vundo/Antivir Solution Pro virus yesterday. I had it a month ago, and must not have removed it completely... so I got it again yesterday.

So I went through the stickied thread again, I did a more thorough scanning.

I am pretty sure I deleted it this time, but I have one issue now:

At start up in Vista (non-safe mode), I get an error saying that addwp.dll can not start. What is this .dll, and how do I repair it if I need it?






For those interested in what I did, I did the following:


1) I noticed my PC was running a bit slow. So I figured I'd scan the Windows folder with Avira Free. Left it alone while it was scanning, and came back. It had found 10 or so infected files/trojans, and the Antivir Solution Pro virus popped up. I let Avira finish, and removed what it found.


2) Then went into safe mode, and deleted all the registry items and did everything else listed here:

http://www.spywareremove.com/removeAntivirSolutionPro.html

I restarted into Windows. All seemed fine.

3) I then scanned the Windows and Users folder with Malwarebytes. Found some stuff, and deleted them.

Then did the same with AVG and Super Anti Spyware Free, both came out clean.

Then I scanned the entire system with Spybot S&D. Found the following:

Adware.Adshot
Trojan Adware x 2

Hkey_Local_Machine\Software\Microsoft\CurrentVersion\run\Enipijo

Hkey_Local_Machine\Software\\avsuite


anezehujojolowu.dll

Deleted all the files fine.

4) Turned off system restore.

5) Went back into safe mode. Before I could go into Safe Mode, Spybot automatically did a 2nd scan.

6) Now I am in safe mode, and ran Avira and Malwarebytes over night, scanned the entire system.

Malwarebytes found some junk, deleted that. Avira came clean (maybe Malwarebytes found them first).

Ran Spybot a 3rd time in safe mode. Came clean.

Then I scanned the Windows folder in safe mode with AVG, came clean.

7) Booted back to normal Vista mode, and got the missing addwp.dll. Any insight on what this is would help.





What I will do next:

1) Run ESET online scanner, doing so at the moment.

2) Install and run Sophos anti rootkit (shall I do this in safe mode?).

3) Run rkill?

4) Full system scan with Super Anti Spyware and AVG Free in safe mode.

5) Run Combofix?
 
Have you run ccleaner yet? Run the cleanup and registry fix two times and reboot. I'm guessing that dll file was a part of the vundo and something is still trying to call to it.
 
Going to run CC sometime today.

Can't find much about the dll on google.

Edit: Just ran CC. The error does not show up anymore.
 
Are you running AVG and Avira? You should choose one and uninstall the other, running two AV at the same time is not a good idea. Rkill won't help you at all here and as long as you can actually run SAS and some form of AV in regular mode then I wouldn't bother with safe mode (safe mode is best for when the program won't even run, or it freezes). You could possibly run combofix, beware it is a powerful tool though.
 
Ok, I'll skip rkill. Mbam, SAS, Avira etc. run fine in normal Windows.

I'll try Combofix then. Never ran it before, any tips on how to use it? Is it pretty straightforward?

I'll disable AVG too, or should I uninstall it completely?
 
eh, look at your program files directories, windows, system, system32
view details and add a new column, file created date
you can probably delete every folder created after you were originally infected
you probably have crap hiding there.
 
always run ccleaner after you run malwarebytes or superantispyware. there is usually stuff left over after an infection is cleaned and ccleaner does a nice cleanup job!
 
Ok, I'll skip rkill. Mbam, SAS, Avira etc. run fine in normal Windows.

I'll try Combofix then. Never ran it before, any tips on how to use it? Is it pretty straightforward?

It is fairly straightforward, but here is a guide just in case.

Combofix Guide

Just remember, this isn't your typical malware program like mbam or SAS, combofix is extremely powerful, if you don't feel comfortable using it then don't. That being said, combofix is usually the end-all fix-all tool.

Uninstall it..AVG stinks, use one good AV program like AntiVir, or MSE.

^This.
 
Ok, I will give Combo fix a try. That guide makes it look manageable.

Ran CC too. Fixed the missing dll issue.

I'll uninstall AVG. But should I keep both Mbam and SAS installed, or should I only choose one or the other?
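
The startup error discussed in this thread usually means an autorun entry still names a file that the cleanup deleted. The following is an added example, not part of any post above: a read-only PowerShell check that lists Run/RunOnce values whose referenced .exe or .dll is no longer on disk. The key list, the file-matching pattern, and the helper name `Resolve-AutorunFile` are assumptions of this example, and the path matching is a heuristic, so treat each hit as something to review.

```powershell
# Added example: report autorun values that point at files missing from disk.
# It only reads the registry; nothing is modified or deleted.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Heuristic: a drive-rooted path (may contain spaces) or a bare file name,
# ending in .exe or .dll. Covers "rundll32.exe C:\path\file.dll,Entry" style values.
$filePattern = '(?:[A-Za-z]:\\[^"<>|*?\r\n]+?|[^\s",\\/:]+)\.(?:exe|dll)'

function Resolve-AutorunFile([string]$Name) {
    if ([IO.Path]::IsPathRooted($Name)) { return $Name }
    # Simplification: a bare name is only looked up in System32 and the Windows
    # directory, not along the full search path.
    foreach ($dir in "$env:SystemRoot\System32", $env:SystemRoot) {
        $candidate = Join-Path $dir $Name
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return $null
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }          # key absent on this system
    $regKey = Get-Item -Path $key
    foreach ($valueName in $regKey.GetValueNames()) {
        $raw     = [string]$regKey.GetValue($valueName)
        $command = [Environment]::ExpandEnvironmentVariables($raw)
        foreach ($m in [regex]::Matches($command, $filePattern, 'IgnoreCase')) {
            $resolved = Resolve-AutorunFile $m.Value
            if (-not $resolved -or -not (Test-Path -LiteralPath $resolved)) {
                New-Object PSObject -Property @{
                    Key     = $key
                    Value   = $valueName
                    Missing = $m.Value
                    Command = $command
                }
            }
        }
    }
}

$findings | Format-List Key, Value, Missing, Command
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable; an empty result means no Run/RunOnce value in these keys names a missing file.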
 