Yahoo Answers is shutting down on May 4th, 2021 (Eastern Time) and the Yahoo Answers website is now in read-only mode. There will be no changes to other Yahoo properties or services, or your Yahoo account. You can find more information about the Yahoo Answers shutdown and how to download your data on this help page.

Trending News

Promoted
異域秦後人
Lv 7
異域秦後人 asked in Computers & InternetSoftware · 1 decade ago

How to remove variant of WIN32/Obfuscated trojan in Win2000?

AVG and Kaspersky could not find it existed. It popup automatically an explorer to link to a certain website within a certain time. I scan Win2000 with NOD32. It said the file under \winnt\system32\efcBqpOE.dll was infected. This dll cannot be removed,delette because it said it was used by window at that time. I restarted in safe mode and scan with NOD32. This time NOD32 said it can be deletted,rename or isolated. After a reboot,error message was still existed. That means NOD32 could not fix it even it said DONE! I try to replace this infected dll but it was not existed in the Win2000 CD. How to remove it ? I knew format the disk is the last solution,however any smart way to delette it.

I can delette manually this dll after it was renamed by NOD32

but not the one has the proper name.

NOD32 warning message when scanning:

"System memory infection originated from file C:\winnt\system32\efcBqpOE.dll

efcBqpOE.dll infacts is a trojan hacker's software that placed inside Win32.

Update:

I compared with a healthy win2000 computer,its system32 did not contain the file called efcBqpOE.dll

Therefore,this dll should not require for win2000 and it was a hacker's trojan.

I use dos mode under win2000 to delette it but it refused to excute. It said file is used for other program. A dos win98 bootup disk is not good to access win2000 file under pure dos mode. And Win2000 did not provide any bootup disk in dos during installation process. Any bootup software in dos mode existed nowaday that is able to access win2000 files or xp files under dos instruction?

I think this is the only way to remove the hacker's file.

hacker's dll hides in the memory as win2000 is bootup and windows prevents this dll to be removed (file cannot be removed,changed or deletted when it is running).

1 Answer

Relevance
  • Anonymous
    1 decade ago
    Favorite Answer

    You should use an antivirus program and antispyware software, if your computer is now infected with viruses and/or spyware.

    Here you have more information on computer security, as well as good and free programs that you can download into your computer:

    The website list top ten the best and newest anti-spyware in 2008.

    http://toptenantispywareviews.com/

    All are safe and can be trusted and you can download one.

Still have questions? Get your answers by asking now.