Le 4 mai 2021, la plateforme Yahoo Questions/Réponses fermera. Elle est désormais accessible en mode lecture seule. Aucune modification ne sera apportée aux autres sites ou services Yahoo, ni à votre compte Yahoo. Vous trouverez plus d’informations sur l'arrêt de Yahoo Questions/Réponses et sur le téléchargement de vos données sur cette page d'aide.
How to remove variant of WIN32/Obfuscated trojan in Win2000?
AVG and Kaspersky could not find it existed. It popup automatically an explorer to link to a certain website within a certain time. I scan Win2000 with NOD32. It said the file under \winnt\system32\efcBqpOE.dll was infected. This dll cannot be removed,delette because it said it was used by window at that time. I restarted in safe mode and scan with NOD32. This time NOD32 said it can be deletted,rename or isolated. After a reboot,error message was still existed. That means NOD32 could not fix it even it said DONE! I try to replace this infected dll but it was not existed in the Win2000 CD. How to remove it ? I knew format the disk is the last solution,however any smart way to delette it.
I can delette manually this dll after it was renamed by NOD32
but not the one has the proper name.
NOD32 warning message when scanning:
"System memory infection originated from file C:\winnt\system32\efcBqpOE.dll
efcBqpOE.dll infacts is a trojan hacker's software that placed inside Win32.
I compared with a healthy win2000 computer,its system32 did not contain the file called efcBqpOE.dll
Therefore,this dll should not require for win2000 and it was a hacker's trojan.
I use dos mode under win2000 to delette it but it refused to excute. It said file is used for other program. A dos win98 bootup disk is not good to access win2000 file under pure dos mode. And Win2000 did not provide any bootup disk in dos during installation process. Any bootup software in dos mode existed nowaday that is able to access win2000 files or xp files under dos instruction?
I think this is the only way to remove the hacker's file.
hacker's dll hides in the memory as win2000 is bootup and windows prevents this dll to be removed (file cannot be removed,changed or deletted when it is running).
1 réponse
- Anonymeil y a 1 décennieRéponse favorite
You should use an antivirus program and antispyware software, if your computer is now infected with viruses and/or spyware.
Here you have more information on computer security, as well as good and free programs that you can download into your computer:
The website list top ten the best and newest anti-spyware in 2008.
http://toptenantispywareviews.com/
All are safe and can be trusted and you can download one.