About Blank se.dll variant

**Curio** · March 14th, 2005, 19:57 PM

I did my first se.dll computer today and it is a bit of a git.
se.dll is loaded by a combination of files that pretend to be something else - the information here is from my own experience then later looking around techy forums for other similar views (it's pointless beforehand because so many ppl post guesses or rubbish).

2 loaders
c:\windows\system\xxxx.dll (xs are random letters in my case 0mab.dll) This shows up as text and an html filter in HJT.
c:\recycled\qxxxxxx.exe (didn't write it down random letters - looked like it could be a MS update except it shouldn't be in there) some ppl report it as c:\qxxxxxxx.exe

1 resource file
c:\windows\temp\se.dll (temp folder depends on OS - this was in Win98)

Se.dll is held open as a sub-process of rundll32.exe - you should terminate this first using Process Explorer or Task Manager.

Use hijackthis to identify the res file and the loaders then use killbox to delete on reboot using the replace with dummy option (just in case) for all three files. Once rebooted run HJT again and delete the registry run key.
Easy when u know how but the loaders re-install the res file and each other so you can't get at it normally.

Telltale sign is in add/remove programs - entry 'Search Assistant' don't try using the uninstall feature it actually re-installs it - I tried that.

I hope this helps someone out there in the interweb world.

March 14th, 2005, 19:57 PM	#1
Curio Triple Platinum Member Join Date: Nov 2004 Location: London Posts: 907	About Blank se.dll variant I did my first se.dll computer today and it is a bit of a git. se.dll is loaded by a combination of files that pretend to be something else - the information here is from my own experience then later looking around techy forums for other similar views (it's pointless beforehand because so many ppl post guesses or rubbish). 2 loaders c:\windows\system\xxxx.dll (xs are random letters in my case 0mab.dll) This shows up as text and an html filter in HJT. c:\recycled\qxxxxxx.exe (didn't write it down random letters - looked like it could be a MS update except it shouldn't be in there) some ppl report it as c:\qxxxxxxx.exe 1 resource file c:\windows\temp\se.dll (temp folder depends on OS - this was in Win98) Se.dll is held open as a sub-process of rundll32.exe - you should terminate this first using Process Explorer or Task Manager. Use hijackthis to identify the res file and the loaders then use killbox to delete on reboot using the replace with dummy option (just in case) for all three files. Once rebooted run HJT again and delete the registry run key. Easy when u know how but the loaders re-install the res file and each other so you can't get at it normally. Telltale sign is in add/remove programs - entry 'Search Assistant' don't try using the uninstall feature it actually re-installs it - I tried that. I hope this helps someone out there in the interweb world. __________________ I'm using Windows 7 - you got a problem with that? Last edited by Curio; March 15th, 2005 at 07:55 AM. Reason: left a bit out

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode