Trojan xlibgfl254.dll removal?

Discussion in 'Computer Security' started by Quercus Robur, Apr 1, 2007.

  1. A friends computer is infected with some trojan. At boot up McAfee reports
    that image xlibgfl254.dll is not valid. I have checked elsewhere for
    removal instructions and seem to have two choices. Edit the registry, which
    I am reluctant to do, or use a program from Previx, who I have never heard
    of. Does any one know how to remove the trojan? Apparently McAfee can not.

    Thanks,
    Martin
    Quercus Robur, Apr 1, 2007
    #1
    1. Advertising

  2. From: "Quercus Robur" <>

    | A friends computer is infected with some trojan. At boot up McAfee reports
    | that image xlibgfl254.dll is not valid. I have checked elsewhere for
    | removal instructions and seem to have two choices. Edit the registry, which
    | I am reluctant to do, or use a program from Previx, who I have never heard
    | of. Does any one know how to remove the trojan? Apparently McAfee can not.
    |
    | Thanks,
    | Martin
    |

    Prevx is excellent. You can download the free removal tool here...
    http://free.prevx.com/

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Apr 1, 2007
    #2
    1. Advertising

  3. Quercus Robur wrote:

    > A friends computer is infected with some trojan. At boot up McAfee
    > reports that image xlibgfl254.dll is not valid.


    So, why do you think this would be a trojan horse?

    > I have checked elsewhere for removal instructions and seem to have two
    > choices. Edit the registry, which I am reluctant to do, or use a
    > program from Previx, who I have never heard of.


    What a bullshit. None of these is a solution.

    > Does any one know how to remove the trojan?


    Ehm... flatten and rebuild? How else?
    Sebastian Gottschalk, Apr 1, 2007
    #3
  4. David H. Lipman, Apr 1, 2007
    #4
  5. Quercus Robur

    JAB Guest

    David H. Lipman wrote:
    > From: "Sebastian Gottschalk" <>
    >
    >
    > |
    > | Ehm... flatten and rebuild? How else?
    >
    > Yeah, and use a sledgehammer to kill flies as well.
    >


    Gottschalk never and I repeat never gives useful advice. As far as I can
    see his whole purpose of being on this NG is to demonstrate that he
    'knows' more about security than anyone else. Unfortunately a) it's
    blinding obvious that he does even know the basics and b) he acts like a
    complete unhelpful prat to anyone who ventures into this NG.
    JAB, Apr 1, 2007
    #5
  6. From: "JAB" <>


    | Gottschalk never and I repeat never gives useful advice. As far as I can
    | see his whole purpose of being on this NG is to demonstrate that he
    | 'knows' more about security than anyone else. Unfortunately a) it's
    | blinding obvious that he does even know the basics and b) he acts like a
    | complete unhelpful prat to anyone who ventures into this NG.

    On the contrary, Sebastian Gottschalk did give good advice "once" (and no this isn't an
    April fools day comment) out of his numerous replies.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Apr 1, 2007
    #6
  7. Quercus Robur

    Leythos Guest

    On Sun, 01 Apr 2007 13:54:59 +0000, David H. Lipman wrote:
    >
    > On the contrary, Sebastian Gottschalk did give good advice "once" (and no
    > this isn't an April fools day comment) out of his numerous replies.


    Yea, I have to agree, VB, SG, they are the most positive wealth of
    information in this group, never giving bogus information, always giving
    details that the people can clearly understand, always more than enough
    information to anyone that has questions - oh, and they are always so very
    polite and helping to anyone.

    ..

    ..

    ..

    ..

    ..

    April Fools - Ha Ha Ha


    --
    Leythos
    (remove 999 for proper email address)
    Leythos, Apr 1, 2007
    #7
  8. Quercus Robur

    Todd H. Guest

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:

    > From: "JAB" <>
    >
    >
    > | Gottschalk never and I repeat never gives useful advice. As far as I can
    > | see his whole purpose of being on this NG is to demonstrate that he
    > | 'knows' more about security than anyone else. Unfortunately a) it's
    > | blinding obvious that he does even know the basics and b) he acts like a
    > | complete unhelpful prat to anyone who ventures into this NG.
    >
    > On the contrary, Sebastian Gottschalk did give good advice "once" (and no this isn't an
    > April fools day comment) out of his numerous replies.


    I concur. His helpful-to-abusive ratio is quite low, but it's not 0.

    I'm not sure what it is about the security field that PITA prima
    donna's are so prevalent, but it is what it is I suppose. Least no
    one's paying for any advice given here, so it makes it easier to take
    it all with a grain of NaCl.

    Microsoft actually has some tips though LOL
    http://www.microsoft.com/smallbusin...raining/5_ways_to_manage_the_prima_donna.mspx



    Best Regards,
    --
    Todd H.
    http://www.toddh.net/
    Todd H., Apr 1, 2007
    #8
  9. Quercus Robur

    Leythos Guest

    On Sun, 01 Apr 2007 09:37:34 -0500, Todd H. wrote:
    >
    > I'm not sure what it is about the security field that PITA prima donna's
    > are so prevalent, but it is what it is I suppose.


    No, that's not the norm, in fact, most security experts are very nice and
    concerned people that are quite willing to share all that they know and to
    do it in a way they believe will help the person they are working with or
    talking too.

    When you run into the prima-donna types you should just ignore them, walk
    away, go another direction, etc.... In most cases, the people that have
    their heads so far up their butts make serious mistakes by not seeing the
    threats around them, by missing something critical, by not really caring
    to learn from others.


    --
    Leythos
    (remove 999 for proper email address)
    Leythos, Apr 1, 2007
    #9
  10. The effect of SG's response is to subvert the question. Not one reply helps
    solve the problem.
    So I re-state my question. Please does anyone know how to get rid of the
    Trojan?

    Thanks,
    Martin

    "Quercus Robur" <> wrote in message
    news:ErDPh.223520$...
    >A friends computer is infected with some trojan. At boot up McAfee reports
    >that image xlibgfl254.dll is not valid. I have checked elsewhere for
    >removal instructions and seem to have two choices. Edit the registry,
    >which I am reluctant to do, or use a program from Previx, who I have never
    >heard of. Does any one know how to remove the trojan? Apparently McAfee
    >can not.
    >
    > Thanks,
    > Martin
    >
    Quercus Robur, Apr 1, 2007
    #10
  11. Sorry David, I missed your reply. Thanks, I will give Previx a try.
    Martin

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:kzDPh.1638$_43.1520@trnddc02...
    > From: "Quercus Robur" <>
    >
    > | A friends computer is infected with some trojan. At boot up McAfee
    > reports
    > | that image xlibgfl254.dll is not valid. I have checked elsewhere for
    > | removal instructions and seem to have two choices. Edit the registry,
    > which
    > | I am reluctant to do, or use a program from Previx, who I have never
    > heard
    > | of. Does any one know how to remove the trojan? Apparently McAfee can
    > not.
    > |
    > | Thanks,
    > | Martin
    > |
    >
    > Prevx is excellent. You can download the free removal tool here...
    > http://free.prevx.com/
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >
    Quercus Robur, Apr 1, 2007
    #11
  12. Quercus Robur

    B. Nice Guest

    B. Nice, Apr 1, 2007
    #12
  13. Quercus Robur wrote:
    > The effect of SG's response is to subvert the question. Not one reply helps
    > solve the problem.
    > So I re-state my question. Please does anyone know how to get rid of the
    > Trojan?


    Hi,
    Sebastians answer was the right one, but maybe not very gently.
    Google for xlibgfl254.dll and you will find a solution to remove the
    trojan with prevx1. you can also boot with Knoppix and remove
    xlibgfl254.dll.
    But the effect is the same: Maybe that you have removed the trojan or a
    parts of it, but the greek soldiers are still active on your system.
    Finding these soldiers is nearly impossible, unless you have a clean
    reference-system for to compare with the infected system.
    It is more easy and secure to rebuild the system from scratch.
    bye
    Christoph
    Christoph Hanle, Apr 1, 2007
    #13
  14. JAB wrote:

    > David H. Lipman wrote:
    >> From: "Sebastian Gottschalk" <>
    >>
    >>|
    >>| Ehm... flatten and rebuild? How else?
    >>
    >> Yeah, and use a sledgehammer to kill flies as well.
    >>

    > [...]
    > it's blinding obvious that he does even know the basics and


    See above for what the basics are, even though some people like to ignore
    them.

    Oh, BTW, the basics of posting here: private discussion belong to the
    medium E-Mail. Thus fup2p.
    Sebastian Gottschalk, Apr 1, 2007
    #14
  15. David H. Lipman wrote:

    > From: "Sebastian Gottschalk" <>
    >
    >|
    >| Ehm... flatten and rebuild? How else?
    >
    > Yeah, and use a sledgehammer to kill flies as well.


    Except that a trojan horse is not a fly, but rather an elephant that
    tramples your computer's intergrity in every possible aspect. Restoring it
    to a save state is the *minimum* action that is necessary to restore its
    integrity.
    Sebastian Gottschalk, Apr 1, 2007
    #15
  16. Quercus Robur

    JAB Guest

    Sebastian Gottschalk wrote:
    > JAB wrote:
    >
    >> David H. Lipman wrote:
    >>> From: "Sebastian Gottschalk" <>
    >>>
    >>> |
    >>> | Ehm... flatten and rebuild? How else?
    >>>
    >>> Yeah, and use a sledgehammer to kill flies as well.
    >>>

    >> [...]
    >> it's blinding obvious that he does even know the basics and

    >
    > See above for what the basics are, even though some people like to ignore
    > them.
    >
    > Oh, BTW, the basics of posting here: private discussion belong to the
    > medium E-Mail. Thus fup2p.


    Can you tell me where to find the bit where it says you have to act like
    a spoilt little child in any thread to which you reply?

    Oh, BTW, please don't bother replying as as always you will have nothing
    of interest or help to say.
    JAB, Apr 1, 2007
    #16
  17. Can a reset point be used?
    Martin

    "Christoph Hanle" <> wrote in message
    news:460ff271$0$6438$-online.net...
    > Quercus Robur wrote:
    >> The effect of SG's response is to subvert the question. Not one reply
    >> helps
    >> solve the problem.
    >> So I re-state my question. Please does anyone know how to get rid of the
    >> Trojan?

    >
    > Hi,
    > Sebastians answer was the right one, but maybe not very gently.
    > Google for xlibgfl254.dll and you will find a solution to remove the
    > trojan with prevx1. you can also boot with Knoppix and remove
    > xlibgfl254.dll.
    > But the effect is the same: Maybe that you have removed the trojan or a
    > parts of it, but the greek soldiers are still active on your system.
    > Finding these soldiers is nearly impossible, unless you have a clean
    > reference-system for to compare with the infected system.
    > It is more easy and secure to rebuild the system from scratch.
    > bye
    > Christoph
    >
    Quercus Robur, Apr 5, 2007
    #17
  18. Quercus Robur wrote:

    > Can a reset point be used?


    No. For three obvious reasons:

    - It's stored on the same computer, thus the malware is also able to modify
    it as well.
    - You're using the compromised system to try restoring it. What exactly
    stops the malware from excluding itself from this process of even
    reinfecting the system afterwards?
    - The "reset point" is no complete backup, thus it won't restore
    everything.


    (And please, stop doing this top-post full-quote nonsense, at best in
    conjunction with stopping this overly long attribution line and posting
    with an invalid e-mail address. kthxbye)
    Sebastian Gottschalk, Apr 5, 2007
    #18
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ian

    Trojan DLUCA.F removal

    Ian, Nov 19, 2003, in forum: Computer Support
    Replies:
    6
    Views:
    1,180
    SgtMinor
    Nov 19, 2003
  2. gorf

    trojan virus dialer removal help needed

    gorf, Jan 21, 2004, in forum: Computer Support
    Replies:
    1
    Views:
    567
  3. Some1

    mprapi.dll --> samlib.dll --> ntdll.dll issue.

    Some1, Apr 2, 2004, in forum: Computer Support
    Replies:
    4
    Views:
    2,180
    Some1
    Apr 5, 2004
  4. graeme@invalid

    Trojan Virus Removal

    graeme@invalid, Nov 1, 2004, in forum: Computer Support
    Replies:
    3
    Views:
    1,165
  5. Snoopy
    Replies:
    16
    Views:
    2,959
    Mainlander
    Aug 25, 2003
Loading...

Share This Page