Trojan.DL.win32.hmir.HL removal method: a trojan that starts through a driver service

Source: Internet
Author: User
This trojan took me a day to deal with; it is really hard to find.

1. We found that c:\windows\system32\30pzg8d.dll was infected with Trojan.DL.win32.hmir.HL, but the file could not be deleted, so we had to force-delete it with IceSword.

3. Restart after deletion. rundll reports that the 30pzg8d.dll module cannot be found, which indicates that a service or startup item is still calling 30pzg8d.dll.

4. Check the IceSword startup group for rundll and similar entries. A thorough check finds nothing abnormal.

5. Nothing is found in msconfig either, so where is it hidden?

6. That leaves services and programs. The startup items view in SREng (System Repair Engineer) shows two kinds of services: Win32 service applications and drivers. Win32 services are the system services we normally see; services provided by drivers are normally not visible. Among the driver services in SREng, one named xy6pchlxf.sys looked a little odd. Go to the file's directory, c:\windows\system32\drivers, and right-click the file to view its properties. This may be where the problem is, so delete xy6pchlxf.sys. It cannot be deleted normally, so force-delete it with IceSword, then delete the xy6pchlxf.sys service in SREng. After restarting, the rundll dialog reporting that the 30pzg8d.dll module cannot be found no longer appears. Go back to SREng, find the service and delete it again. Then search the registry for xy6pchlxf, delete all related entries, and restart. OK.

7. Conclusion: Earlier viruses generally sit in the startup entries of the registry and are easy to find; this trojan is not, because it is started by a service that a driver provides. After the trojan's file is deleted, rundll reports an error, but rundll starts many programs, so the caller is not easy to trace. IceSword and SREng (System Repair Engineer) are indeed helpful for system repair. IceSword's forced deletion is quite effective and more reliable than Rising's file shredder. Rising antivirus can detect the virus, of course, but it cannot delete 30pzg8d.dll or xy6pchlxf.sys, which shows that its functionality still needs improvement.
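
The check behind steps 5 to 7, that the loader sat in a driver service rather than in a startup entry, can also be run offline against a `reg export` of `HKLM\SYSTEM\CurrentControlSet\Services`. This is an added example, not part of the original post: the baseline set, the function names and every value in the sample are assumptions constructed for illustration.

```python
import re

DRIVER_TYPES = {1: "kernel driver", 2: "file system driver"}  # service Type values

def _decode(raw):
    """Decode one .reg value: dword, hex(2) REG_EXPAND_SZ, or quoted REG_SZ."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith("hex(2):"):
        data = bytes.fromhex(raw[7:].replace(",", ""))
        return data.decode("utf-16-le").rstrip("\x00")
    if raw.startswith('"'):
        return raw[1:-1].replace("\\\\", "\\")
    return raw

def parse_services(reg_text):
    """Map service name -> {value name: value} from decoded `reg export` text."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join wrapped hex lines
    services, current = {}, None
    for line in map(str.strip, text.splitlines()):
        key = re.match(r"\[.*\\Services\\([^\\\]]+)\]$", line)
        if key:
            current = services.setdefault(key.group(1), {})
        elif line.startswith("["):
            current = None  # the Services root or a subkey such as \Parameters
        elif current is not None and (val := re.match(r'"([^"]+)"=(.*)$', line)):
            current[val.group(1)] = _decode(val.group(2))
    return services

def unknown_autostart_drivers(services, baseline):
    """Driver services with Start 0-2 (boot/system/auto) missing from baseline."""
    return [(name, DRIVER_TYPES[v["Type"]], v.get("ImagePath", ""))
            for name, v in sorted(services.items())
            if v.get("Type") in DRIVER_TYPES and v.get("Start", 3) <= 2
            and name.lower() not in baseline]

def _hex2(s):
    """Encode s the way reg.exe writes REG_EXPAND_SZ, wrapped onto two lines."""
    h = ",".join(f"{b:02x}" for b in (s + "\0").encode("utf-16-le"))
    return "hex(2):" + h[:30] + "\\\n  " + h[30:]

# Constructed sample: the driver name is the page's, every value is made up.
SVC = "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    SVC + "Disk]", '"Type"=dword:00000001', '"Start"=dword:00000000', "",
    SVC + "Spooler]", '"Type"=dword:00000110', '"Start"=dword:00000002', "",
    SVC + "xy6pchlxf]", '"Type"=dword:00000001', '"Start"=dword:00000002',
    '"ImagePath"=' + _hex2(r"system32\drivers\xy6pchlxf.sys"),
])

if __name__ == "__main__":
    for hit in unknown_autostart_drivers(parse_services(SAMPLE), baseline={"disk"}):
        print(hit)
```

A real export is UTF-16 text, so decode it before passing it in, and build the baseline from a known-clean machine of the same Windows version.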
