# ernel32.dll Virus Removal



## AphexDreamer (Aug 2, 2010)

I've googled this and followed the steps I found to remove it and it still comes back. I can't surf the net because of this Trojan. 
I've run Malwarebytes and it too can't remove it. I've tried manually deleting it in Safe Mode and it still comes back. Right now I'm running super spyware removal to see if it can remove it.

Anyone ever had this or know how to get rid of it?

The virus is on a laptop running Windows XP.


----------



## 95Viper (Aug 2, 2010)

I know this is going to sound weird, but re-set your router.  Then run Malwarebytes and see if it detects anything.

Got the idea from this thread - post 30: TDSS remnants - ERNEL32.DLL removal help please, Remnants of infection pop up on MBAM but aren't found in scan

Let us know how it works.


----------



## AphexDreamer (Aug 2, 2010)

95Viper said:


> I know this is going to sound weird, but re-set your router.  Then run Malwarebytes and see if it detects anything.
> 
> Got the idea from this thread - post 30: TDSS remnants - ERNEL32.DLL removal help please, Remnants of infection pop up on MBAM but aren't found in scan
> 
> Let us know how it works.



But this came from another house. It's not my laptop so this is a whole new router and internet connection for the laptop. 

Super Anti Spyware remover found threats as well and removed it but it was still there on reboot in system 32. It also won't let me launch certain .exe's.


----------



## Mussels (Aug 2, 2010)

Try Kaspersky's 30-day trial.

Malwarebytes ain't designed for antivirus; it's just a spyware remover and nowhere near as good as a real AV.


----------



## streetfighter 2 (Aug 2, 2010)

combofix?  If you've never used combofix before this is a good place to start.

MBAM is actually pretty weak in my experience and I use it mostly to let me know if something's wrong, rather than to fix it.  If something is messed up I switch to the hard stuff like manual removal and combofix.

A trick that works for me often enough is, if you can gain complete control of the dll in question, start by deleting it, then create a blank file named with the same name as the dll, then manually edit the permissions to prevent anyone (including yourself) from r/w/e.  This has worked for me countless times when I just needed to get a virus to stop bugging me while I figured out what was spawning it.


----------
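The placeholder trick from streetfighter 2's post above, written out as a Windows XP batch file. This is an added example, not code posted by anyone in the thread; the script name `blockdll.cmd` is hypothetical, the DLL path is passed as an argument, and it assumes an NTFS volume and an administrator command prompt.

```batch
@echo off
rem Added example, not from the thread. Usage: blockdll.cmd <full path to the DLL>
rem Run from an administrator command prompt on an NTFS volume.
setlocal
set "TARGET=%~1"
if "%TARGET%"=="" goto usage
if not exist "%TARGET%" goto missing

rem Clear read-only/system/hidden attributes so del can remove the file.
attrib -r -s -h "%TARGET%"
del /f /q "%TARGET%"
if exist "%TARGET%" goto locked

rem Create a zero-byte placeholder with the same name.
type nul > "%TARGET%"

rem Replace the ACL with one deny entry for Everyone (no read, write or execute).
rem cacls asks for confirmation before replacing an ACL, so pipe it a "Y".
echo Y| cacls "%TARGET%" /D Everyone
echo Placeholder created and locked: %TARGET%
exit /b 0

:usage
echo Usage: %~nx0 full\path\to\file.dll
exit /b 1

:missing
echo Not found: %TARGET%
exit /b 1

:locked
echo Could not delete %TARGET%. It is probably loaded; retry from Safe Mode.
exit /b 2
```

The placeholder only stops a file being recreated under that name; whatever keeps spawning it still has to be found and removed.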



## 95Viper (Aug 2, 2010)

Hmmmm... Is it connected to a wired or wireless connection now?

Use the repairs under preferences in Superantispyware to reset all ie explorer and hi-jack related problems.  Run it again.  And, make a bootable usb\cd and run this portable version from it.

That ernel32 virus is a form of rootkit.  Nasty little bugger.  Try this too: Malicious Software Removal Tool
Download here: Microsoft® Windows® Malicious Software Removal Tool (KB890830)

Also, try these, Avira AntiVir Rescue System (iso) or Avira AntiVir Rescue System (exe)
Or\And, Kaspersky Rescue Disk 10

If all else fails combofix (A guide and tutorial on using ComboFix) or re-install the OS.

Sorry, a little slow in typing.


----------



## AphexDreamer (Aug 2, 2010)

streetfighter 2 said:


> combofix?  If you've never used combofix before this is a good place to start.
> 
> MBAM is actually pretty weak in my experience and I use it mostly to let me know if something's wrong, rather than to fix it.  If something is messed up I switch to the hard stuff like manual removal and combofix.
> 
> A trick that works for me often enough is, if you can gain complete control of the dll in question, start by deleting it, then create a blank file named with the same name as the dll, then manually edit the permissions to prevent anyone (including yourself) from r/w/e.  This has worked for me countless times when I just needed to get a virus to stop bugging me while I figured out what was spawning it.



Yeah I did Combo fix and got rid of it. Now however Combo fix has messed up my internet connection. 

I can't seem to get an IP. Typing ipconfig in CMD results in access denied. 

Now to fix this and the laptop should be good.


----------



## 95Viper (Aug 2, 2010)

Did you try this: Repairing network connections


----------



## AphexDreamer (Aug 2, 2010)

95Viper said:


> Did you try this: Repairing network connections



It also says 

unable to open registry key for TCPIP

So I think the issue is deeper but I will try that. 

I also tried Winsock fix but that didn't do the trick either. :/

EDIT: That didn't work.

Reading here, they suggest it's a driver issue. I think I remember the Combo fix deleting a driver something .sys


----------



## 95Viper (Aug 2, 2010)

You are using wireless, I assume, so go to your hardware device manager and check the wireless devices. You may need to update or re-install a driver or two.


----------



## AphexDreamer (Aug 2, 2010)

95Viper said:


> You are using wireless, I assume, so go to your hardware device manager and check the wireless devices. You may need to update or re-install a driver or two.



It's installed.

I just tried doing this.

http://www.electrictoolbox.com/reinstall-tcpip-windows/


----------



## AphexDreamer (Aug 2, 2010)

Now Device Manager says the hardware is there but Windows Wireless Network manager says the hardware isn't. I could do all but the last time following that TCP/IP reinstall guide and that was uninstall Internet protocol TCP/IP. It just hides the uninstall button.


----------



## 95Viper (Aug 2, 2010)

As a side note, you might want to run, in an (administrative) command prompt, the command "sfc /scannow", that is without the quotes and with a space between the "c" and "/".  To check your system files and repair any that may have been changed or altered, just to be on the safe side.

Edit: I had already started typing, before your post...

Have you re-booted yet?

I can't recall too well on XP, but I believe you can un-install and install the protocols in the add\remove programs-add\remove components.


----------



## AphexDreamer (Aug 2, 2010)

I'm good guys, thanks. Did Winsock and uninstalled Wireless NIC drivers. Worked upon reinstall.


----------

