Complex parasites often use dynamically linked library files (DLLs) that contain code responsible for implementing certain harmful functions and required by threats to work as intended. Many browser hijackers and browser plugins consist only from DLL files, which are registered in the system and sometimes can be injected into some safe essential system services, so that it can be practically impossible to remove them manually or eliminate using automatic spyware removers. The way out is to unregister such DLLs and then simply delete them like ordinary files. This can be enough to stop the parasite’s activity and completely get rid of it. Read the following guide to learn how to simply and quickly unregister DLL files.
The tool you need to use is called Regsvr32. It is a native Windows program, which is already included in your operating system distribution. Regsvr32 is designed especially to register and unregister DLLs, ActiveX controls and other similar files.
Let’s say you want to unregister IScript7.dll library file, located in C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32 directory. (Note that this file was taken as an example. It is a fully legitimate object that doesn’t need to be unregistered or removed from the system!)
To unregister the DLL you have to:
1. Open the Command Prompt
Press the Start button and click on the Run option. This will start the Run tool. In its Open: field type cmd and press the OK button.
Image 1. Open the Command Prompt
2. Navigate to the exact DLL location
When the Command Prompt window will appear, change the directory to exact DLL location path as shown on Image 2. Type the cd command (it is used to change the current directory), put space and enter the full path to the DLL. Press enter. This will change the current directory to that you have entered. To display directory contents use the dir command.
Image 2. Navigate to a folder containing the DLL
3. Unregister the DLL
Within the exact directory type this command: regsvr32 /u [dll_name] and press enter.
Image 3. Unregister the DLL
If the DLL was registered in the system and the operation was successful, you should see a message very similar to the following:
Image 4. The operation succeeded
If you have accidentally unregistered harmless DLL, you can register it back by invoking regsvr32 command without the /u key: regsvr32 [dll_name]. This will undo the changes.
If you are not sure why you have to do a certain task, do not know how to perform described actions or above guide is too difficult for you, feel free to try our recommended automatic spyware removers.
March 28th, 2007 at 12:20 am
When I try to regsvr32 /u fyxkaah.dll I get a message that says:
fyxkaah.dll was loaded, but the DllUnregisterServer entry point was not found.
This file can not be registered.
April 3rd, 2007 at 2:06 am
Same with mine…oyopu.dll
June 8th, 2007 at 3:15 pm
I didn’t understood what to do.. what i have to write at directory
June 15th, 2007 at 10:45 am
Yeah I got the same message as James but with gbjkog.dll
I ended up having to actually restart my computer in safe mode command prompt only.
Then navigate to the directory the DLL was in for instance
c:\windows\system32
which put me where I needed to be
then I just used the DEL command to get rid of the DLL completley
example from start:
cd c:\windows\system32
DEL gbjkog.dll
and that got rid of it for me should work on all DLL files from safe mode as windows doesn’t load what it doesn’t need in safe mode command prompt
I was working on getting rid of spaycrush for days no spyware remover found that spacific DLL. It was the only spycrush file left on my system. I was still getting the fake system message so i would assume it to be possible that others would have the same problem either with that or other DLL files.
I used a combonation of Spybot search and destroy, and XoftspySE, spyware remover programs to find all available files and they got rid of everything else.
hope that helps
September 26th, 2007 at 6:49 am
How can you determined which DLL is malicious?
Edna
January 8th, 2008 at 4:53 am
i think what you should delete is the folder containing system32.i tried it and it is a success..the spyware is eliminated.my computer return to normal condition
March 29th, 2008 at 9:48 pm
I tried from safemode and it wouldnt deleate either. it says the process can not access this file because it is being used by another process. they are c:\windows\system32\xxyxnfcd.dll and rqrkibby.dll
April 26th, 2008 at 2:56 am
determine which DLL iis malicious by right click on the filename and select properties. Microsoft will be in there as the company name and author IF it is a SYSTEM file. It could belong to another program which you have installed, in this case the company name should be in there too, but not always. If you are unsure, check the date of creation in properties dialog and if you remember the date and time when the trojan struck originally, these should match if it is the culprit at work. Then you can take out the daggers and go for the kill. If it doesn’t delete because it is in use then kill the running process by ctrl-alt-delete all 3 buttons down together in that sequence. Check if the running process is necessary by entering it into your browser and searching. Remember it will come back unless you change your internet settings and encrypt your connections.
May 30th, 2008 at 2:36 am
To find the malicious files check the system file folder (WINDOW/system32) by last modified to match on what date and time you started to get the problem. Those are the malicious files.
June 21st, 2008 at 10:19 pm
you guys are stupid
July 20th, 2008 at 4:47 pm
This didnt help me at all.
August 8th, 2008 at 10:53 am
My problems: C:\windows\system32\shlwapi.dll and wininet.dll i have tryed in dos and can´t remove it from my Vista whats the f… problem?
August 29th, 2008 at 7:05 pm
hey how do you tell where this things DLL files are located? I’ve already deleted the registry keys and all that but I can’t figure this out
October 18th, 2008 at 11:27 am
this ISN’T WORKING!!!!!!!!!!!!!!
October 19th, 2008 at 4:09 pm
Im trying to remove shlwapi.dll and wininet.dll. when i get to the cmd window do i just put a space then shlwapi or do i have to know the exact location
October 22nd, 2008 at 7:04 am
“kerAK Says:
January 8th, 2008 at 4:53 am
i think what you should delete is the folder containing system32.i tried it and it is a success..the spyware is eliminated.my computer return to normal condition”
You can’t delete that folder…that’s your OS folder lol.
October 27th, 2008 at 7:20 pm
When I try to delete the C:\Windows directory, my computer stops working. Then after I reload Windows, it works. Then I try to delete the C:\windows directory again - then windows stops working. Then I have to reload windows again. Like, I’ll try it right now while I’m writing this. Okay, I’m opening Windows Explorer and browsing to C:\. NOw I click on the Windows folder and press shift + delete, select Yes to permanently delete and okay, now it’s starting to delete my files, so far so good - oh wait there seems to be an erro
October 30th, 2008 at 7:05 pm
I am trying to get rid of the msansspc.dll spyware. When I type in the directory(cd C:\windows\system32\msansspc.dll) it says that the directory name is invalid.
October 31st, 2008 at 8:42 am
Dickmonger:
Your entry, while humorous, is misleading and arrogant. Many people reading here will not understand the humor and try to follow your lead. If you can’t be helpful, keep quiet.
November 6th, 2008 at 12:43 am
i can not seem to get to any drectory and yes my eye s not workng
November 7th, 2008 at 12:37 pm
#4 was useful. I still couldnt delete msansspc.dll (access denied) or unregister it but I did rename it, and then rebooted. Finally I was able to boot up normally, and after reboot I was able to delete it
November 13th, 2008 at 1:13 pm
i too am having no luck removing msansspc.dll. Anyone figured out how to get rid of this? i’ve tried almost everything!!! Please help.
November 15th, 2008 at 1:38 pm
pat2142 how did you rename the dll fime. I have having hard time. can you please kindly tell me the steps.
thanks
sai
November 21st, 2008 at 6:31 am
tried to rename msansspc.dll in Command prompt. Got “Access is denied”. Any help ???
November 25th, 2008 at 1:53 am
Last time i leave my computer on with fucking Retards around
December 4th, 2008 at 11:01 am
Install Norton 360 and it will perfectly remove or blocked this malicious software
December 4th, 2008 at 8:08 pm
I can’t delete msansspc.dll either
December 15th, 2008 at 12:39 pm
Will formatting the hard disk and reinstalling windows again help me?
December 23rd, 2008 at 11:51 am
Here’s what I did.
Went to File Explorer: C:/Windows/System32
List by Modified Date
You will find strange sounding DLLs very recently (assuming you are still having the problem). The names almost look Japanese, like misizuto.dll, or something like that. The size of each was about 90K. I had three in my directory.
Right-click and rename the file (just add a 1 to the end)
IMPORTANT: It will NOT allow you to delete or unregister these files at this time, since they are currently loaded.
Reboot your computer. Upon Windows reloading, you will have several error boxes, depending on how many DLLs you renamed, stating that those DLLs cannot load. This is good.
Now go back to the System32 directory and delete the renamed files.
This elegant little solution worked for me. Good luck.
BTW, I am not taking credit for this, as it was mentioned by others above, but am greatly relieved that it worked. Merry Christmas all!
December 23rd, 2008 at 3:45 pm
I cant get this crap off my home PC and I can no longer connect to the Internet. Did anyone ever find a fool proof way to get this off?
January 4th, 2009 at 4:26 pm
I don’t understand why this article said that
Unregister DLLs:
shlwapi.dll wininet.dll
I tried to unregister it that was not successful. I then renamed it under safe mode. then I cannot even boot anymore. All those winlogon.exe services.exe lsass.exe ask for this dll file.