Saturday, January 13, 2007

Computer, computer

I know... I've been away from my blog for a bit. Actually for much of this past week. My excuse is my brother's computer. It picked up a virus which tried to lock up the computer by running many copies of itself in order to max the CPU at 100%.

Ironically the virus/CPU problem started after downloading an anti-spyware program from a legitimate web site I have used in the past. The anti-spyware program turned out to be damaged.

From what I can determine the virus was a "Trojan" type that pretended to be the devldr32.exe program. I ended up with a hundred - to over 300 - devldr32 tasks running - as many tasks as could be started. When some quit, others would start.

Naturally with the CPU pegged it was hard to "get a word in edgewise" to find out what was behind the problem. Slowly I did. I also found and tried several anti-virus and anti-spyware programs in addition to the ones my brother already had, but none removed the virus. Once I found out devldr32 was a problem I read up on the internet about it. It appears that the correct devldr32.exe comes with a Sound Blaster audio card to run the back two speakers on a four speaker system. In other words, not used by many computers and a target for a virus pretending to be a legitimate program.

My brother wasn't using this Sound Blaster card so I tried to delete the App for that card. Wouldn't delete. After a number of tries I got it to delete - while all the time the App's uninstall program complained the devldr32.exe was damaged and unusable during the delete.

Now with the App deleted you'd think the problem is over. Nope. The devldr32.exe is not in the App's folder but in Windows' system32 folder and the CPU was still pegged.

So I deleted the devldr32 program from the system32 folder. The program magically came back. Huh? Still the CPU problem. I deleted devldr32 everywhere I could find it, including the cache. I was unable to delete the copy I found in a .cab file as I didn't know how to do so when 'delete' was not an option for that copy. Devldr32 came back over and over.

Before I was able to figure out how to really get rid of the program I discovered - after yet another reboot - that the virus disappeared. Maybe the reappearing devldr32 program was created from a clean and non-infected copy? The cab file?

During this process I learned about more anti-virus and anti-spyware programs and how one can't rely on just one copy of an anti-virus and anti-spyware program to eliminate threats. A number of threats are coming from a number of sources and one may need a few different highly recommended "anti" programs to catch various threats.

I also learned of various ways to start the computer to put it into a diagnostic mode or in a safe mode. I also learned about the Registry file and successfully deleted the keys to the Sound Blaster and devldr32 references not removed after I deleted the Sound Blaster App. And I didn't trash the registry file!

My brother also needed to get Microsoft's service pack 2 and other recent patches as his computer was a little out of date in this regard. This was easier said than done as the install of service pack 2 hung in the middle of its install and locked up the computer. "What next?"

After rebooting his computer it was unstable and a number of things didn't work, including trying to open the Control Panel to remove the partially installed service pack 2.

I got the service pack removed by using the Start->Run feature to do the uninstall. Today we tried the service pack 2 install again, this time with the virus protection programs turned off (cross your fingers!), and the install worked.

I also deleted and reinstalled the Firefox browser as it would often crash when I worked with Yahoo mail. Tonight it didn't crash once when working with Yahoo mail so hopefully that problem is fixed.

I guess if I can't survive as a rancher I have computer work to fall back on?

So I think my brother's computer is now up-to-date and I can get back to my blog.
