Virus - believe w32.randex.e

  reburner57 11:06 30 Oct 2003

I am all up to date with my Microsoft security updates (am running XP Home) but obviously something got through before I updated, as I have recently installed Avast anti-virus and it is telling me I have a virus in the form of win32sockdrv.dll.
If I ask Avast to delete it it can't find anything.

I found a reference to this file at symantec.com which says it is part of the w32.randex.e virus.

However, I am having problems getting rid of it based on the advice given here click here

For a start, Symantec says the file (win32sockdrv.dll) will be associated with the process winlogin.exe when in fact on my machine it is running as part of explorer.exe. Thus I cannot delete the file with explorer running.
Have tried deleting it from the command prompt in safe mode but this doesn't seem to work either.

Also the Symantec link tells me all the registry entries that need to be deleted but when I delete them they just come back. (Is this because I haven't managed to delete the win32sockdrv.dll file first?)

Sorry for such a long post but hopefully that makes sense and someone can help.

  johnnyrocker 11:35 30 Oct 2003

If you are running XP, did you disable System Restore before cleansing? Because that sounds like your prob to me.

cheers.


johnny

  reburner57 11:38 30 Oct 2003

Yep. I did disable system restore

  johnnyrocker 11:40 30 Oct 2003

Shucks, that's me shot down then ;) Try a free online scan click here

johnny.

  reburner57 22:17 30 Oct 2003

The online scan didn't show anything up.

Anyone got any ideas how I get rid of this ????

click here

and do an online scan here click here

  woodchip 22:28 30 Oct 2003

To remove click here

  reburner57 23:00 30 Oct 2003

Thanks for the responses guys. My problem had been that I couldn't follow the Symantec advice because I couldn't delete the win32sockdrv.dll file. It was running as part of explorer so I killed explorer with a command prompt open then deleted the file using the command prompt but it always came back even with system recovery off.

Eventually solved it by opening regedit and a command prompt then killing explorer.exe then deleting the registry entries first (with system recovery turned off) then deleting the dll in the command prompt.

Rebooted and lo and behold it had finally gone.
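
The two things the final post had to deal with, the process holding the DLL open and the registry values pointing at it, can be listed before anything is deleted. This is an added example, not part of the original thread and not Symantec's procedure; it is read-only PowerShell for a current Windows system, and the autostart keys it checks are the standard Windows locations, assumed here because the thread does not list the actual entries.

```powershell
# Added example: read-only triage for a DLL that refuses to be deleted.
# Assumption: the autostart keys below are the common Windows Run/Winlogon
# locations, not the specific entries named in the Symantec write-up.
param([string]$DllName = 'win32sockdrv.dll')

# 1. Processes that have the module mapped. A mapped DLL is locked on disk,
#    which is why deleting it fails while the host process is running.
$holders = foreach ($p in Get-Process) {
    try {
        $hit = $p.Modules | Where-Object { $_.ModuleName -ieq $DllName }
        if ($hit) {
            [pscustomobject]@{ Process = $p.ProcessName; Id = $p.Id; Path = $hit[0].FileName }
        }
    } catch {
        # Protected processes refuse module enumeration; skip them.
    }
}

# 2. Autostart values whose data mentions the DLL.
$autostartKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$entries = foreach ($key in $autostartKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -in $psMeta) { continue }   # provider metadata, not registry data
        if ("$($prop.Value)" -match [regex]::Escape($DllName)) {
            [pscustomobject]@{ Key = $key; Name = $prop.Name; Value = $prop.Value }
        }
    }
}

# 3. Report only; nothing is stopped or deleted.
if ($holders) { 'Loaded in:'; $holders | Format-Table -AutoSize }
else          { "No accessible process has $DllName loaded." }
if ($entries) { 'Referenced by:'; $entries | Format-Table -AutoSize -Wrap }
else          { "No checked autostart value references $DllName." }
```

Run it from an elevated prompt so that module enumeration reaches as many processes as possible.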

This thread is now locked and can not be replied to.
