Technology Virus Help

Dec 18, 2004
Well, I keep on getting this file in my windows/temp folder. It's called SE.dll and it keeps on installing itself after I delete it. I just scanned my computer for viruses using Avast and it came back. It makes pop-ups come up saying spyware is in my computer. It's quite annoying. What should I do?
 
MAKaveli_10 said:
Well, I keep on getting this file in my windows/temp folder. It's called SE.dll and it keeps on installing itself after I delete it. I just scanned my computer for viruses using Avast and it came back. It makes pop-ups come up saying spyware is in my computer. It's quite annoying. What should I do?
It's Spyware. If you don't have any spyware progs, check the knowledge base. If you do, update them and run them. Download HijackThis too, and post your log.
 
One trick you could do which is very clever is this**: Click on the properties of SE.dll and change the settings to read-only. That way it won't execute itself. Also, for that added effect, try moving it from the windows/temp folder; that may work a treat.

**This sometimes works with quite a few .dll files and sometimes it doesn't. So I'm not promising anything. Good luck.
 
Looots of stuff to get rid of. Remove the following.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://64.124.210.131/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://64.124.210.131/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://64.124.210.131/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://64.124.210.131/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.find-everything.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O15 - Trusted Zone: *.frame.crazywinnings.com
O16 - DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} (SwIcdInstall Class) - file://C:\WINDOWS\TEMP\WZSF281.TMP\swicdad.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

Unsure about these, I'll ask around. Leave them for now.

O2 - BHO: Class - {188BCF6F-8B98-2D7A-2B7B-57FB0AF76EAF} - C:\WINDOWS\SYSTEM\APITL.DLL

O2 - BHO: (no name) - {3F39C922-A3B5-11D9-91CC-000F002B9ED0} - C:\WINDOWS\SYSTEM\GJKE.DLL

O18 - Filter: text/html - {3F39C921-A3B5-11D9-91CC-000FF0F900A7} - C:\WINDOWS\SYSTEM\GJKE.DLL

O18 - Filter: text/plain - {3F39C921-A3B5-11D9-91CC-000FF0F900A7} - C:\WINDOWS\SYSTEM\GJKE.DLL
 
MAKaveli_10 said:
Also, when I go onto Internet Explorer, it goes to a blank page and then a pop-up comes up telling me that I have spyware, but I think it comes from se.dll.
That's because you have a browser hijacker. Have you removed what I told you to remove?

With regards to the other entries, I would delete them but make a backup.

I've never seen them in a log before and they don't show up in a web search, implying to me that they're not common, benign files.

Malware often generates randomly-named files, and because you are infected with spyware that's probably the case.
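
Added example (not part of the thread): a small Python triage pass over HijackThis log lines that flags the same patterns the replies above single out by hand. The three heuristics and the section descriptions are assumptions for illustration, and an unflagged entry is not thereby clean.

```python
import re

# Section codes seen in the log above; descriptions are the tool's usual meanings.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "autorun entry",
    "O15": "Trusted Zone site", "O16": "ActiveX download (DPF)",
    "O18": "protocol/filter handler",
}
LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
TEMP_PATH = re.compile(r"\\TEMP\\", re.I)
IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)", re.I)

def triage(log_text):
    """Return (code, section, reasons, body) for every parsed entry."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header lines, blank lines, running-process list
        code, body = m["code"], m["body"]
        reasons = []
        if TEMP_PATH.search(body):
            reasons.append("loads from a TEMP folder")
        if IP_URL.search(body):
            reasons.append("URL uses a bare IP address")
        if code == "O4" and "rundll32" in body.lower():
            reasons.append("autorun launches a DLL via rundll32")
        findings.append((code, SECTIONS.get(code, "unknown"), reasons, body))
    return findings

def flagged(log_text):
    """Only the entries that matched at least one heuristic."""
    return [f for f in triage(log_text) if f[2]]

# Sample input: lines copied from the log posted in this thread.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://64.124.210.131/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.find-everything.com/index.htm
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O2 - BHO: (no name) - {3F39C922-A3B5-11D9-91CC-000F002B9ED0} - C:\WINDOWS\SYSTEM\GJKE.DLL
"""

if __name__ == "__main__":
    for code, section, reasons, body in flagged(SAMPLE):
        print(f"{code} [{section}] {'; '.join(reasons)}\n    {body}")
```

The GJKE.DLL entry passes all three checks, which is why entries with unfamiliar, random-looking names still need the manual lookup described in the post above.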
 
