Avast says it detected WINACPI.DLL in my system’s memory and to restart and do a scan before rebooting before the virus starts. I did this and clicked delete but after rebooting it’s still detecting this file. I tried turning off system restore and rescanning and deleting it and that didn’t help. What the virus is doing is when I try browsing web pages it’ll sometimes send me to ad sites instead… how do I remove this if Avast can’t completely remove it?
It appears you have at least 1 Trojan on your computer; therefore I recommend you use a good & FREE program like “Ewido” from www.ewido.net/en (if you have Win 2000 or XP O/S) or “A-squared” from www.emsisoft.com/en/software/free (other than Win 2000 or XP O/S). These 2 programs “specialize” in removing trojans, worms, dialers, etc.
Hi chilly009,
Look here for this BHO: http://vil.nai.com/vil/content/v_130135.htm
A tool that can help in these cases to remove this stuff is
toolbarcop. Get it from here:
http://www.snapfiles.com/get/toolbarcop.html.
polonus
avast! is rubbish at removing malware which installs itself as a service because the service will start even before the boot time scan. Kill the service by deleting the registry entry:
Windows NT/2000/XP/2003
In Windows NT/2000/XP/2003 you will also need to edit the following registry entry. The removal of this entry is optional in Windows 95/98/Me. Please read the warning about editing the registry.
At the taskbar, click Start|Run. Type ‘Regedit’ and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the ‘Registry’ menu, click ‘Export Registry File’. In the ‘Export range’ panel, click ‘All’, then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
spoolsvr32
%SYSTEM%\csmss32.exe
and delete it if it exists.
Close the registry editor.
For the future, give yourself a fighting chance and don’t allow this to get established. A service in order to run needs permissions.
Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.
Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.
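The registry step from the reply above (back up, look under `HKLM\Software\Microsoft\Windows\CurrentVersion\Run` for the `spoolsvr32` value, delete it if it exists), as an added PowerShell example that is not part of the original thread. It assumes an elevated prompt; the backup file name is made up for the example, and the value is only removed when its data still names `csmss32.exe`.

```powershell
# Added example: back up the Run key, list its autostart values, then remove
# the one value named in the thread. Run from an elevated PowerShell prompt.
$runKeyPs  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$runKeyReg = 'HKLM\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'spoolsvr32'     # value name quoted in the thread
$fileName  = 'csmss32.exe'    # file name quoted in the thread

# 1. Export the key before touching it (hypothetical backup name, timestamped
#    so an earlier backup is never overwritten).
$backup = Join-Path $env:TEMP ('Run-backup-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
& reg.exe export $runKeyReg $backup | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Backup failed; nothing was changed.' }
Write-Output "Backup written to $backup"

# 2. Show every autostart value so unexpected entries are visible in context.
#    Data is read unexpanded, so %VAR% references appear as stored.
$key = Get-Item -Path $runKeyPs
foreach ($name in $key.GetValueNames()) {
    $data = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
    Write-Output ('{0,-30} {1}' -f $name, $data)
}

# 3. Remove the value only if it exists and still points at the named file.
$target = $key.GetValue($valueName, $null, 'DoNotExpandEnvironmentNames')
if ($null -eq $target) {
    Write-Output "'$valueName' is not present under the Run key."
    return
}
if ($target -notlike "*$fileName*") {
    Write-Warning "'$valueName' points to '$target', not $fileName; left in place."
    return
}
Remove-ItemProperty -Path $runKeyPs -Name $valueName
Write-Output "Removed '$valueName' ($target). Restore with: reg import `"$backup`""
```

Removing the Run value only stops the file from being launched at logon; the file itself is still on disk and still has to be deleted by the scanner or by hand.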