ssjveggitto

Distinguished
Jul 25, 2008
XP Home edition: when the computer boots up there is an error message, "Failed to load hawivobi.dll". It will not allow me to remove this from the startup in msconfig. I get an error message that I need to be an administrator to remove it from startup, even though I am logged in as an administrator. I cannot find any information on this driver at all. I cannot find the driver in the system32 file. I found the driver in the HKLM\Software\Microsoft\Windows\Run registry. I deleted the entry but it keeps coming back on startup. I need to find a way to remove this file completely. Has anyone seen this driver before?
 
Guest
It's not a driver, it's a malicious DLL. Boot from a Windows XP CD and get into the Recovery Console. You can manually delete it.

Grumpy
 

ssjveggitto

Distinguished
Jul 25, 2008
I'm aware it's malware; the file is no longer on the hard drive. It's still set in the startup and of course errors out on boot because the file is no longer there. I can't get this out of the startup. Just to be sure, I did try to remove it in the Recovery Console but got an error message that it can't find any matching files.
 

muz_j

Distinguished
Jun 8, 2007
Have a look at the permissions that have been set on the RUN key within the registry - the malware may have altered the Administrator account's rights to prevent the value from being removed - try this:

To update the permissions of the registry subkey, follow these steps:
a. Click Start, click Run, type regedit, and then click OK to start Registry Editor.
b. Locate and right-click the registry subkey:
and then click Permissions.
c. Under Group or user names, click Administrators.
d. Under Permissions for Administrators, make sure that the Allow check box for the following entries is selected:
• Full Control
• Read
e. Click Apply, and then click OK.
f. On the File menu, click Exit to quit Registry Editor.

>>> Once you have made the permissions change, log off and back into Windows to ensure your access rights have been updated. From memory it's not required, but better to be safe than sorry.

Once you've logged back in - re-attempt to remove the dodgy value.
If it is removed, then my advice is to reboot your machine and see if there is anything lurking on your machine that may attempt to restore the key.

Once you've rebooted and verified that the key is definitely gone, then I would spend a couple of hours scanning your PC for any more malware - try AdWare and Spysoft Search and Destroy for 2 good, free anti-malware tools that you can rely on. There are plenty of others, so hunt around, but those 2 are reliable and have regularly updated definitions.
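
The checks discussed in this thread (a startup entry whose file is gone, and permissions on the Run key that block Administrators) can be audited read-only with a script. This is an added example, not part of any post above; it assumes PowerShell is installed, uses the standard `CurrentVersion\Run` key locations, and the helper names `Get-ReferencedFiles` and `Test-Target` are made up for illustration.

```powershell
# Added example: report dangling Run entries and the ACL on each Run key.
# Read-only: nothing is deleted and no permissions are changed.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Heuristic: pull every token that looks like an executable or DLL out of a
# startup command line (handles quoted paths and "rundll32.exe x.dll,Entry").
function Get-ReferencedFiles([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    $pattern  = '(?i)([a-z]:\\[^",]+?|[^\s",\\]+)\.(exe|dll|bat|cmd|scr)'
    [regex]::Matches($expanded, $pattern) | ForEach-Object { $_.Value }
}

# Rooted paths are checked directly; bare names are looked up in the Windows
# and System32 directories only (an assumption, not the full search order).
function Test-Target([string]$File) {
    if ([IO.Path]::IsPathRooted($File)) { return (Test-Path -LiteralPath $File) }
    foreach ($dir in "$env:SystemRoot\System32", $env:SystemRoot) {
        if (Test-Path -LiteralPath (Join-Path $dir $File)) { return $true }
    }
    return $false
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    "== $key =="
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $cmd     = [string]$item.GetValue($name)
        $missing = @(Get-ReferencedFiles $cmd | Where-Object { -not (Test-Target $_) })
        if ($missing.Count -gt 0) {
            "DANGLING  {0} = {1}  (not found: {2})" -f $name, $cmd, ($missing -join ', ')
        }
    }
    # Show Deny entries and whatever the Administrators group is granted.
    # The group name is the English one; localized systems use another name.
    (Get-Acl -Path $key).Access |
        Where-Object { $_.AccessControlType -eq 'Deny' -or
                       $_.IdentityReference -like '*\Administrators' } |
        Format-Table IdentityReference, AccessControlType, RegistryRights, IsInherited -AutoSize |
        Out-String
}
```

A `Deny` row, or an Administrators row without `FullControl`, matches the situation the permissions steps above are meant to correct.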