cmdline.dll keeps reappearing
Customer keeps getting a warning about an infected file (cmdline.dll), which seems to have significantly slowed down her PC.
Once I take a look, it appears that she is running an AOL antivirus… it tries to remove the infected file, but the warning keeps coming back.
I’ve never seen the AOL antivirus before, so I take a quick look, and it looks like it’s just a re-badged Kaspersky antivir… but it’s no longer supported.
OK, I uninstall the existing antivirus, and install (and update) AntiVir & Windows Defender.
But the real-time protection of AntiVir doesn’t pick up anything.
I scan using defender but that also detects nothing.
I use defender in safe mode, but it still detects nothing.
In safe mode, I delete cmdline.dll, but after a restart, it reappears again… even after disabling all the obscure startup programs.
So I use bhodemon to disable anything suspicious, but at the end, I seem to have stopped it from actually running, but it still keeps reappearing in the user’s temp folder.
By this stage, I was running out of time (and customer is happy with the speed increase). I don’t feel comfortable leaving the PC like this, but I decide to take a closer look when I return. I reckon it’s effectively disabled, except for the part that re-created the cmdline.dll file.
I later heard about a program called “starter”
With it, I can see everything that wants to start automatically… it also picks up on hidden registry entries. What makes a big difference is that I can view all running processes and find out which process is locking cmdline.dll.
I’ll be using it the next time I discover difficult-to-stop processes.
hi,
I have the same file and my avira antivirus says it is a trojan horse or a dropper. Is it now dangerous or how can I remove it?
I found that avira will eventually remove it if you scan from safe mode. I’ve found that “new” malware is often not detected, and even if it is, it cannot be removed until the antivirus / antispyware companies have had some time to “think about it”. If you don’t have any technical expertise in this area, then call an expert who knows what they’re doing.
Hi, I also have this problem. It has only just occurred (yesterday) and the symptoms are that most file types will not open (except *.bmp) and I cannot do a soft shut-down. It only occurs when my Optus ADSL2+ modem is switched on. I run AntiVir PE classic and it doesn’t find anything unless I restart the PC without the modem switched on. Then it finds a new virus/trojan every time and always in cmdline.dll. This is a problem! Is Optus causing this problem?
I’ve also found that “hijackthis” is excellent at removing malware… but you really need to know how to use it. I once ruined an infected system by removing the wrong thing using hijackthis…
I’ve run a full check using VirusTotal, asked various experts and even phoned Optus. No luck.
I’ve now disabled dsc.exe (using msconfig) and all my problems have disappeared.
Disconnect your DSL cable from your computer.
Uninstall YES optus software (the one you installed when you received the modem).
Reconnect your DSL cable. Use as normal. cmdline.dll can now be deleted.
OPTUS NEED A KICK IN THE ARSE FOR THIS
Bill says
I stopped the problem by disabling DSC, but at start-up Windows Firewall is turned off each time but switches itself back on after about 30 secs. Does this mean Optus or someone else is checking on me?
You’re a legend Glen! That solved my problem. After months of trying to figure out how to delete that file and having my system running like a snail with phone calls made to Optus (who by the way told me it had nothing to do with them) and to Norton (who were going to charge me $135 bucks for their ‘expert virus removal’) I’ve finally got rid of that damn file.
I will be making a complaint to Optus first thing Monday and let them know so they can make other customers aware.