locked
One care fails to quarantine or remove virus RRS feed

  • Question

  • Onecare detects 'bzub.gb.dll' trojan virus located at \windows\system32\comaddi.dll. Repeated attempts to delete this virus have failed and I can not manually delete the comaddi.dll file. It appears to be associated with Internet Explorer as OneCare will pop up an alert message indicating the detection of the virus when IE starts up. I have already attempted many things that I have found on this forum including scanning in safe mode. Any help would be greatly appreciated.

    Tuesday, March 4, 2008 7:34 AM

Answers

All replies

  • try to manually delate file in safe mode, first have to made backup and then try to delete it!

     

    Tuesday, March 4, 2008 3:02 PM
  •  

    I have already tried to manually delete the infected file in safemode. I was not able to delete or modify this file in any way. I have also ran Onecare from a command line prompt in safe mode and it will find the file but not delete it. Thanks for the suggestion.
    Tuesday, March 4, 2008 9:12 PM
  •  

    If you are persuaded that that file is really virus, you can delete it also from recovery console, boot from Windows CD and in first step choose repair installation with recovery console, then go to folder where is that file and just delete it.
    Tuesday, March 4, 2008 9:34 PM
  • Since OneCare is detecting, but not completely removing this malware, follow the instructions in this post, http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=662566&SiteID=2, to report a virus that is not cleaned by OneCare and to get help in removal.

     

    If you are in North America, you can call 866-727-2338 for help with virus and spyware infections. See http://www.microsoft.com/protect/support/default.mspx  for details.  For international information, see your local subsidiary Support site.

     

    -steve
    Saturday, March 8, 2008 12:14 AM
    Moderator
  •  

    I was finally able to boot to a command prompt via a system restore disk. I then deleted the file that Onecare reported as the suspect virus. I then rebooted in safe mode and performed a virus scan via the command mode. Much to my relief the report came back clean. I have been running since then and so far have not seen any ill side effects left over from the virus. This has been a fustrating experience. Also just as a side note, I ran the both Spybot and Mcafee free scans to see if they would do better than Onecare. To my surprise neither one of those packages even found the virus. It's just to bad Onecare can't remove the bugs as good as it can detect them. Thanks for your responses.
    Saturday, March 8, 2008 6:46 AM