cannot delete 8w32util.dll - access denied

From: DenoxiS (google_at_deniznet.com)
Date: 05/20/04


Date: 20 May 2004 10:06:51 -0700

Hi everybody,

Either I'm paranoid or I found an indestructible virus.

After all this virus cleaning with Nod32 and AdAware, I end up
having all the hijacking/spyware symptoms right after every restart.

These two programs cannot delete one (or maybe two) particular dll
because it's used by another process. The name may vary but Nod32
reports as 8w32util.dll under Windows\System32. It's hidden, read only
and flagged as system file. I don't have this file on any other
computers so I think it's something I have to delete.

AdAware reports another dll in the same directory with another weird
name. I did manage to rename this one from command prompt, but still
cannot delete.

If I reboot in safe mode and run the cleaners, the result is the same.
If I reboot in safe mode command prompt only, change the HSR
attributes and try to delete with DOS commands, I get the same access
denied error.
 
When I look at the task manager in safe mode, there are a few
processes and they are all familiar system processes, so I'm wondering
about how this dll is being used. I tried regsvr32 /u to uninstall the
dll, but it didn't work.

Disk is in NTFS so I cannot boot with a DOS disk.

How to get rid of this annoying thing? I hope the virus technology is
not that advanced to spread in kernel level.

p.s. Claria was the only thing I didn't remove because the Gator is
used on this computer.


