Thursday, September 17, 2015

Remove Temp folder .dll Viruses

How to Remove install.ico + temp folder + iintect.dll + Thread Timer.dll + System.dll + WixMedia


I start with install.ico, which is related to a folder near it, "div6F45.tmp", and its files: "intect.dll + Thread Timer.dll + System.dll".

These Trojan spy files are related to a database program called WixMedia, which appears in Windows Task Manager as iexplorer_monitor.exe.

The folder cannot be deleted: each time the user deletes it, in safe mode or using a boot program like Linux, it changes its name to something like:

"nsf8AC2", "nspA1DA", "nsvA6DA", and however many times the user deletes it, it keeps changing automatically. In my case I reached the name "div6F45.tmp".

First Step:

To delete the virus, the only way I found, which is not written anywhere on the internet, is this:
Press Ctrl + Alt + Del and End Process for iexplorer_monitor.exe.
On Win 7, press Ctrl + Alt + Del, choose Start Task Manager from the blue screen (standby screen), then in the Processes tab select iexplorer_monitor.exe and click End Process.

The Second Step:

I go to C:\Users\Your Name\AppData\Local\WixMedia
(in my case it was C:\Users\Simon\AppData\Local\WixMedia).

Note: You sometimes need to enable Show Hidden Files and Folders in Folder Options, only once, to see AppData.

If you look, you will see an icon inside the folder that is the same as the install.ico file; that means we are on the right track.

Now delete this folder WixMedia, then restart your computer.

Then go to C:\Users\Your Name\AppData\Local\Temp
and delete everything in the Temp folder except for the system file FXSAPIDebugLogFile.

After that, restart again and the virus is out. The only thing remaining in the Temp folder will be the folder "div6F45.tmp", which I could not delete, but don't worry: it is empty, and the spy danger is over. That's it.
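The two steps above as a PowerShell script, added here as an example and not part of the original post. The process name, the folder paths and the kept file are the ones the post gives; the script file name is hypothetical.

```powershell
# Added example (not from the original post). Hypothetical file name: Remove-WixMedia.ps1
# Defaults are the names given in the post; change them if yours differ.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$ProcessName = 'iexplorer_monitor',   # Task Manager name without .exe
    [string]$AppFolder   = (Join-Path $env:LOCALAPPDATA 'WixMedia'),
    [string]$TempFolder  = (Join-Path $env:LOCALAPPDATA 'Temp'),
    [string[]]$Keep      = @('FXSAPIDebugLogFile*') # file the post says to leave alone
)

# Step 1: end the process, the same as End Process in Task Manager.
foreach ($proc in @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue)) {
    if ($PSCmdlet.ShouldProcess("$($proc.Name) (PID $($proc.Id))", 'Stop process')) {
        Stop-Process -Id $proc.Id -Force
    }
}

# Step 2: delete the WixMedia folder under AppData\Local.
if (Test-Path -LiteralPath $AppFolder) {
    if ($PSCmdlet.ShouldProcess($AppFolder, 'Remove folder')) {
        Remove-Item -LiteralPath $AppFolder -Recurse -Force
    }
} else {
    Write-Verbose "$AppFolder not found, nothing to delete."
}

# Step 3: empty Temp except the kept file; collect what is locked or undeletable.
$leftover = @()
foreach ($item in @(Get-ChildItem -LiteralPath $TempFolder -Force)) {
    $isKept = @($Keep | Where-Object { $item.Name -like $_ }).Count -gt 0
    if ($isKept) { continue }
    if ($PSCmdlet.ShouldProcess($item.FullName, 'Remove')) {
        try {
            Remove-Item -LiteralPath $item.FullName -Recurse -Force -ErrorAction Stop
        } catch {
            $leftover += $item.FullName   # e.g. a folder that is still held open
        }
    }
}

if ($leftover.Count -gt 0) {
    Write-Warning "Could not delete $($leftover.Count) item(s); restart and run again:"
    $leftover | ForEach-Object { Write-Warning "  $_" }
}
```

Run it with -WhatIf first to list what would be stopped and deleted, then without it. Restarting and running it a second time matches the post's restart between deleting WixMedia and clearing Temp.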

If you want some information about the .dll files, you cannot find any, because their origin is:

File Type: PE32 executable (DLL)
MIME Type: application/x-dosexec

File Type: MS Windows icon resource - 1 icon
MIME Type: application/octet-stream

Reference: The only reference I found, after identifying the type of the virus, which took a lot of effort, is this link: http://processchecker.com/file/iexplore_monitor.exe.html

Uploaded on 28/9/2013
