Unregistering malicious DLLs

Complex parasites often use dynamically linked library files (DLLs) that contain code responsible for implementing certain harmful functions and required by threats to work as intended. Many browser hijackers and browser plugins consist only from DLL files, which are registered in the system and sometimes can be injected into some safe essential system services, so that it can be practically impossible to remove them manually or eliminate using automatic spyware removers. The way out is to unregister such DLLs and then simply delete them like ordinary files. This can be enough to stop the parasite’s activity and completely get rid of it. Read the following guide to learn how to simply and quickly unregister DLL files.

The tool you need to use is called Regsvr32. It is a native Windows program, which is already included in your operating system distribution. Regsvr32 is designed especially to register and unregister DLLs, ActiveX controls and other similar files.

Let’s say you want to unregister IScript7.dll library file, located in C:\\Program Files\\Common Files\\InstallShield\\Driver\\7\\Intel 32 directory. (Note that this file was taken as an example. It is a fully legitimate object that doesn’t need to be unregistered or removed from the system!)

To unregister the DLL you have to:

1. Open the Command Prompt
Press the Start button and click on the Run option. This will start the Run tool. In its Open: field type cmd and press the OK button.

Unregistering malicious DLLs
Image 1. Open the Command Prompt

2. Navigate to the exact DLL location
When the Command Prompt window will appear, change the directory to exact DLL location path as shown on Image 2. Type the cd command (it is used to change the current directory), put space and enter the full path to the DLL. Press enter. This will change the current directory to that you have entered. To display directory contents use the dir command.

Unregistering malicious DLLs
Image 2. Navigate to a folder containing the DLL

3. Unregister the DLL
Within the exact directory type this command: regsvr32 /u [dll_name] and press enter.

Unregistering malicious DLLs
Image 3. Unregister the DLL

If the DLL was registered in the system and the operation was successful, you should see a message very similar to the following:

Unregistering malicious DLLs
Image 4. The operation succeeded

If you have accidentally unregistered harmless DLL, you can register it back by invoking regsvr32 command without the /u key: regsvr32 [dll_name]. This will undo the changes.

If you are not sure why you have to do a certain task, do not know how to perform described actions or above guide is too difficult for you, feel free to try our recommended automatic spyware removers.

About the author
Julie Splinters
Julie Splinters - Anti-malware specialist

Julie Splinters is the News Editor of 2-spyware. Her bachelor was English Philology.

Contact Julie Splinters
About the company Esolutions