Re: hlpl?



Panda_man,

Thank you! Thank you!
The DLL removal utility did the job. Ad-aware, AVG Anti-virus, AVG
Anti-spyware, and the SUPERAnti-Spyware Professional all report a clean
system.

Regarding the bit of installing SP2 on an infected computer, I don't
normally do that, but after three hours at the members home, and then
bringing the computer home and two more days of executing recommended
programs with no success, I felt that if the install didn't go well, then I
would do something that I haven't done in my volunteer service in 6 years -
a clean install.

Thanks to Paolo Monti, my record is still clean. I have never given up, but
this time I was about at the end of the line.

Chuck
"Panda_man" <Pandaman@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:05D5F9D0-A2CB-4DD6-8E06-3445C531D329@xxxxxxxxxxxxxxxx
Hello Chuck

To start with , I would never install Service Packs on infected machines ,
moreover this is infected a lot , like a garden where you can just enter
and
pick up the virus/malware you wish ;) Anyway , if you have no problems
with
SP2 and the updates you are lucky man

Let's start with how to remove the DLL file -> easily . You can't remove
it
in Norton mode/Safe Mode because it is most likely injected into Windows
processes (exporer.exe) which load even in Safe Mode . Access denied ,
because you can't terminate something used by Windows (at least Windows
thinks this DLL is used by explorer.exe )

So , download UnDll - The DLL remoavl utility (author Paolo Monti )
http://www.nod32.it/tools/UNDLL.ZIP
Extract this archive and start the program . You'll open user friendly
interface , point the program that infected DLL
(c:\WINDOWS\SYSTEM32\hlpl.dll) and follow the instructions

The DLL should be removed now.

I would scan with Ad-Aware , Spybot S&D , Ewido , NOD32 , Panda ...so
follow
strictly the instructions here :
http://pandaman.my.contact.bg
http://pandaman.my.contact.bg/Gen_MRI.htm

Then don't forget to protect it

Good luck !
--
Panda_man
Silver level Contributor



"Chuck Davis" wrote:

Trying to remove viruses and other junk from a Club member's computer. I
have executed just about every virus, malware, adware removal program
that I
can find.
The member bought the computer years ago, but never activated the Norton
products. Never updated Windows, never... oh! never mind!

To prevent access to the Internet by the malware programs, I downloaded
and
installed the COMODO Firewall.
Ad-aware removed 51 malware programs.

Downloaded and installed AVG Anti-virus which found 65 viruses and healed
63, but cannot heal or quarantine this item.
Trendmicro's online scan gets to the file and aborts.

It is found at: c:\WINDOWS\SYSTEM32\hlpl.dll

I have attempted to simply delete it. The response is that "Access
denied...
may be 'Read Only""
I start up in Safe Mode, same results. Then I attempted to turn off the
Read
Only access to the SYSTEM32 folder, seemed to work for a few files, but
the
stopped at that particular .dll file with the "Access denied..." message.
I have started in Safe Mode With Command Prompt. Still can't delete the
file!

At this point, I installed Service Pack 2 and the 65 critical updates
since
SP2 was issued. Installed IE7. Ran Windows Live OneCare which found
several
additional viruses, but couldn't resolve this issue.
I have run SUPERAntispyware. Remove an additional 62 malware programs.

Still hlpl.dll survives?

All of this for a $20 donation that the member will donate to the club!

Any thoughts? How can I delete the .dll?






.