Adwcleaner gets hung up while cleaning after scanning.
And the Windows dnsapi.dll file is corrupted; most antiviruses can't do anything about it.
Any ideas about how to fix this Windows file?
Are you able to run ADWCleaner in Safe Mode?
Please have a read here:
[update] Shopperz Alters Dnsapi.dll | Malwarebytes Labs
Run SFC Scannow to see if it can fix the affected files.
If SFC could not fix something, then run the command again to see if it may be able to the next time. Sometimes it may take running the sfc /scannow command up to 3 times with Fast Startup turned off and restarting the computer after each time to completely fix everything that it's able to.
If not, then run the Dism /Online /Cleanup-Image /RestoreHealth command to repair any component store corruption, restart the PC afterwards, and try the sfc /scannow command again.
@simrick, I'm aware that the usual course of action is to remove everything first before rebuilding, but it sounds like some of the system files were damaged & could be preventing the AVs from doing their job. I'm thinking it might be possible to restore the damaged OS files back to a working state to aid with the removal of the virus. Your thoughts on that?
If you cannot repair the system & remove the malware, then the best option would be a clean install. I know this is a PIA, but it sounds like there is a lot of corruption on your OS & rescue may not be possible.
Repair Install Windows 10 with an In-place Upgrade - Windows 10 Forums
Based on what the Malwarebytes page says on this particular infection:
...It also sets a Run key and creates Scheduled Tasks in order to get started at boot and at a preset time. And it uses multiple services, one of which also runs in Safe Mode.
What this Trojan does is ingenious. First of all it adds a RunOnce key (to flush DNS).
The next thing the Trojan does is copy the users’ hosts file and add a couple of lines at the top. It then stores this altered copy in a different location, making sure that the length of the string showing the location inside the system32 folder is 18, exactly the same as the length of “\drivers\etc\hosts”. In my removal guide it was “\idhk\jec\ivot.dat” but “\spp\store\hst.dat” was another one we found often, which seemed convenient as that is placed in an existing folder.
Why is the length of the string important? Well, that is to facilitate the next part of this scheme. The Trojan then replaces your dnsapi.dll files (all of them) with a patched copy. The size of that copy will be the same as the original because of the identical length of the string.
After removing the infection, the writer of the article was indeed able to repair the corrupt dnsapi.dll files using sfc /scannow.
So, I suppose he could try it, but I am thinking, if the infection is still active, (as the OP says), it will just revert back to the modified files. It couldn't hurt though.
Consider doing it while there is no net access so the malware can't "call for help" so to speak. I hope that helps you fix the PC Win98. But as stated, if the corruption is too severe you may have to consider a clean install.
Thank you @simrick
There is another option, if he has access to another system, to download Kyhi's WinPESE media to a flash drive, and boot the infected system to it. Kyhi has Malwarebytes Antimalware on there. He won't be able to update the virus definitions (I don't think), but he may be able to get rid of the infection that way. He would also be able to copy all his data off the hard drive while he's in there, in case the clean install becomes necessary.
Hi guys, thank you so much, but it seems my Windows was stuck. One very important thing I found was that my system was stuck with a major Windows update and "Windows Defender" was turned off by the viruses, so after some clean-up I desperately tried to turn it on. Since Group Policy is not in Windows 10 Home, I found alternate methods to do so off the internet.
But now three main things happened:
I updated Windows 10 after turning on Windows Defender.
Scanned for viruses and ran some guides on how to fix the corrupted Windows files, and ran a system check to fix the Windows files. It seems I'm virus free.
Malwarebytes and previous working AVs are not detecting viruses.
Adwcleaner is detecting junk and, you know, other stuff, about 500 things, but it hangs in Safe Mode or normal mode.
My system is fast and seems secure, with no errors detected by anything, except Adwcleaner is hanging up. So guys, can you help me out with Adwcleaner? One last thing, @borg @simrick:
Big salutes to all you guys, thanks mates.
Let's see if this doesn't help, now that you have some control over the system:
Create a restore point.
Put your system in a clean boot state (see part 1 here):
Clean Boot - Perform in Windows 10 to Troubleshoot Software Conflicts - Windows 10 Forums
Then, run these, in this order:
TDSSKiller (select all options, bottom to top - it will reboot to scan properly)
RKILL (again, because everything RKILL does is undone by a reboot)
ADWCleaner (it will reboot to clean)
Malwarebytes Antimalware (run a custom scan, select the box to scan for rootkits, and check the box to scan your entire system drive)
CCleaner - run on browsers and clean out temp + cache, then run on registry.
Let us know if ADWCleaner runs better with a clean boot, after running the other tools. That might help.
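The Malwarebytes description quoted earlier in the thread suggests a direct check on dnsapi.dll itself: a clean copy should still reference `\drivers\etc\hosts`, while a patched copy carries a different path of the same 18-character length. This is an added example, not code from the thread or from the Malwarebytes article; the two string encodings searched, the path-shape pattern and the function names are assumptions, and the sample bytes are constructed.

```python
import re
import sys
from pathlib import Path

EXPECTED = r"\drivers\etc\hosts"  # 18 characters, per the quoted article
# Assumed shape of a replacement path: \dir\...\file, relative to system32
PATH_SHAPE = re.compile(r"^(\\[\w.\-]+){2,}$")


def printable_strings(data: bytes) -> set:
    """Collect printable ASCII and UTF-16LE runs, like the `strings` tool."""
    found = {m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{6,}", data)}
    found |= {m.decode("utf-16le")
              for m in re.findall(rb"(?:[\x20-\x7e]\x00){6,}", data)}
    return found


def check_dnsapi(data: bytes) -> dict:
    """Report whether the hosts path is present and list same-length paths."""
    lowered = data.lower()
    present = any(EXPECTED.encode(enc) in lowered
                  for enc in ("ascii", "utf-16le"))
    same_length = sorted(
        s for s in printable_strings(data)
        if len(s) == len(EXPECTED) and PATH_SHAPE.match(s)
        and s.lower() != EXPECTED
    )
    return {"hosts_path_present": present,
            "same_length_paths": same_length,  # review these by hand
            "suspicious": not present}


def constructed_sample(path_string: str) -> bytes:
    """Constructed stand-in for a DLL: header bytes, padding, one wide string."""
    return (b"MZ\x90\x00" + b"\x00" * 16
            + path_string.encode("utf-16le") + b"\x00\x00" + b"\xff" * 8)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        targets = {p: Path(p).read_bytes() for p in sys.argv[1:]}
    else:  # no file given: compare two constructed samples of equal size
        targets = {"clean (constructed)": constructed_sample(EXPECTED),
                   "patched (constructed)":
                       constructed_sample(r"\spp\store\hst.dat")}
    for name, blob in targets.items():
        print(name, len(blob), "bytes", check_dnsapi(blob))
```

Pass the path of each dnsapi.dll copy as an argument. A missing hosts path is a reason to restore the file with sfc /scannow as described above, not proof of this specific infection.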