dl.exe virus

Status
Not open for further replies.

bjgolf

New member
Feb 4, 2007
Ohio
Hello,

Was looking for some help. My older sister owns a hair salon, and her POS computer got the dl.exe virus. It took out her internet so no credit card pros. I have been reading a lot about this and I guess it keeps spreading and eventually wipes out all .exe's. I am running over tonight to help her out, anyone had this before? Since there is no internet we can't download Defender or anything like that, I was thinking of buying SpySweeper and trying that.

Any help would be greatly appreciated!
 


If you have Symantec, try this: Remove dl.exe

If not, disable your Windows System Restore, restart in safe mode, search for dl.exe, delete it. Kill the process if needed.
Delete it from startup, if it is there.
Go to regedit and delete everything with dl.exe (keys AND values)
Delete syslogin.exe from here:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Close
Restart, and see what happens.
Edit: keep a registry backup. Also, don't edit registry if you don't know what you are doing. Ask someone else.
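
A read-only way to do the Run key check from the reply above, as an added example that is not from any poster in this thread. The file names dl.exe and syslogin.exe and the HKLM Run key come from the thread; the other autostart keys and the Startup folders are assumptions about where else an entry could sit, and the function name is hypothetical.

```powershell
# Report-only: lists autostart entries that reference the file names from the thread.
# Nothing is deleted, so the registry stays as it is until you decide what to remove.
$names = 'dl.exe', 'syslogin.exe'

# The thread names only the HKLM Run key; the other three keys are assumed extra places to look.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Test-SuspectCommand {   # hypothetical helper name
    param([string]$Command, [string[]]$Names)
    foreach ($n in $Names) {
        # Match the file name as a whole path component, so 'dl.exe' does not match 'mydl.exe'.
        $pattern = '(^|[\\/"\s])' + [regex]::Escape($n) + '($|["\s,])'
        if ($Command -match $pattern) { return $true }
    }
    return $false
}

$hits = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }   # RunOnce is often absent
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if (Test-SuspectCommand -Command $data -Names $names) {
            [pscustomobject]@{ Location = $key; Entry = $valueName; Command = $data }
        }
    }
}

# Startup folders (per-user and all-users) are listed in full for manual review.
$startup = 'Startup', 'CommonStartup' | ForEach-Object { [Environment]::GetFolderPath($_) }
$startupFiles = $startup | Where-Object { $_ -and (Test-Path $_) } |
    ForEach-Object { Get-ChildItem -Path $_ -Force }

if ($hits) { $hits | Format-List }
else { 'No autostart value references dl.exe or syslogin.exe in the checked keys.' }
$startupFiles | Select-Object FullName, LastWriteTime
```

An empty result from the keys means the file is being started from somewhere this script does not look, which matches the "restarted and it recreated itself" report later in the thread.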
 
I had a nasty little malware sent to me from a hack forum I frequent.
Nasty little bastard was designed to wipe any and all externally mounted drives... Takes out backups, takes out SD and USB discs currently in their slots, takes out your PDAphone and MP3 player...
The computer itself is left fine so you don't realise until you attempt to load something off one of them. Like I said, a real bastard of an app. Not really a virus though as it's not self replicating, just background-self-installing if it can get past your firewall.

Good thing I do DVD backups as well....
 
The great thing about computers is that (assuming your sister was smart enough to keep regular external backups) you can re-install your OS in less than an hour. I hate dealing with antiviruses that either don't work or use up a noticeable amount of memory.

Just use whatever Windows CD you have lying around, or better yet make an upgrade to Gentoo Linux (my personal favorite distro).
 
Thanks for all the help guys!
@jill domains

OK, so when I was in regedit I couldn't find this: Delete syslogin.exe from here:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

So I ran a search in the command prompt and still nothing.

First I found where the dl.exe was, deleted those, tried looking for syslogin.exe and again nothing. So I simply restarted and it recreated itself. Any more ideas?

It allows IE to work for like 5 minutes, and since it is just a point of sale computer really nothing else is on it. However, I was able to download Windows Defender, and bought Spy Sweeper, ran those about 5 times each and nothing happened.
 
1. Did you do EVERYTHING in SAFE MODE?

2. Did you DISABLE system restore, before everything?

3. In regedit, did you mean you did not find HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run? Or did you mean you didn't find dl.exe?
 
Yes, I did everything in safe mode, I deleted it, however I can't find it in the registry Run key. I didn't disable System Restore, so I will give that a try tomorrow morning.

Thank you for your help!
 
Avast is a really good free antivirus. Store-bought stuff is crap compared to Avast.
 