Results 1 to 1 of 1

Thread: About Blank se.dll variant

  1. #1
    Triple Platinum Member Curio's Avatar
    Join Date
    Nov 2004
    Location
    London
    Posts
    899

    About Blank se.dll variant

    I did my first se.dll computer today and it is a bit of a git.
    se.dll is loaded by a combination of files that pretend to be something else - the information here is from my own experience then later looking around techy forums for other similar views (it's pointless beforehand because so many ppl post guesses or rubbish).

    2 loaders
    c:\windows\system\xxxx.dll (xs are random letters in my case 0mab.dll) This shows up as text and an html filter in HJT.
    c:\recycled\qxxxxxx.exe (didn't write it down random letters - looked like it could be a MS update except it shouldn't be in there) some ppl report it as c:\qxxxxxxx.exe

    1 resource file
    c:\windows\temp\se.dll (temp folder depends on OS - this was in Win98)

    Se.dll is held open as a sub-process of rundll32.exe - you should terminate this first using Process Explorer or Task Manager.

    Use hijackthis to identify the res file and the loaders then use killbox to delete on reboot using the replace with dummy option (just in case) for all three files. Once rebooted run HJT again and delete the registry run key.
    Easy when u know how but the loaders re-install the res file and each other so you can't get at it normally.

    Telltale sign is in add/remove programs - entry 'Search Assistant' don't try using the uninstall feature it actually re-installs it - I tried that.

    I hope this helps someone out there in the interweb world.
    Last edited by Curio; March 15th, 2005 at 06:55 AM. Reason: left a bit out
    I'm using Windows 7 - you got a problem with that?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •