Virus: xcechinu.dll?? Symantec Anti Virus Picked this guy up...

Tags:
  • Virus
  • Symantec
  • DLL
  • Windows XP
April 4, 2010 4:50:47 AM

There is little to no information on this little guy, but it looks like xcechinu.dll is a virus. Here is the info that Symantec gave me:

VIRUS NOTIFICATION
Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Downloader
File: C:\WINDOWS\system32\xcechinu.dll
Location: C:\WINDOWS\system32
Computer: STONEHOME
User: XXXXXXXXXXX(Its My User :)  )
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Saturday, April 03, 2010 4:34:28 PM

Then it just gives a bunch of pages on how it failed in removing it.

I have scanned with:
1.) Symantec AntiVirus
2.) Spyware Doctor - Came up with NOTHING
3.) Malwarebyte's - Came up with NOTHING
4.) Ad-Aware - Came up with NOTHING
5.) Windows Search - Came up with C:\WINDOWS\system32\xcechinu.dll

Since it's a DLL file I'm scared to delete it...

I have no clue whether this is legitimate or not, but I can't remove it with anything that I have at the moment. ANY advice would help.

Thanks Ahead :bounce: 

April 4, 2010 4:52:36 AM

Oh, just in case you need it my specs are:

DELL e510
P4 3.2GHz
3GB RAM
1TB HDD Space Total
nVidia 9600GT
500Watt PSU
April 4, 2010 4:54:34 AM

Oh lol you might also need that I'm running:

Microsoft Windows XP
Media Center Edition
Version 2002
Service Pack 3

April 4, 2010 5:43:10 AM

It's a fairly new one. Try deleting it, as it's not a system file.

Then try SUPERAntiSpyware and Trend Micro Online Rootkit scanner.
April 8, 2010 6:51:17 AM

So, what happened?
April 8, 2010 9:55:38 PM

Nothing, nothing was picked up, and I'm really a wimp to delete the file... lol sorry :(
April 9, 2010 2:43:03 AM

Boot into safe mode with networking and do the scans. It could be suppressing your scanner.
April 9, 2010 3:10:19 AM

gidgiddonihah said:
Nothing, nothing was picked up, and I'm really a wimp to delete the file... lol sorry :(


It's not a system file, but part of a piece of malware, and you did no harm. But that doesn't mean you don't have other problems caused by the virus. Follow aford's directions now.
April 9, 2010 6:17:36 AM

If you're really afraid to delete the file completely, start up in Safe Mode as aford10 says, and rename the file instead of deleting it. Then you can restart in normal mode and if everything appears to be working properly you can then delete the renamed file.

Don't worry... be happy!
April 9, 2010 11:36:36 PM

Lol, it somehow disappeared, one moment I was looking at it, the next it was gone... POOF! Any ideas?? Did something delete it automatically somehow?? HELP!! :)
April 9, 2010 11:37:57 PM

And yes I did make sure that it wasn't hidden... It's just not there!
April 9, 2010 11:40:59 PM

I'm planning to re-install Windows in a few months... when I have time :) So if we can't figure this out, I'll just reinstall Windows, and spend 10 min a day adding my programs and updates back on...
April 10, 2010 12:16:04 AM

Download and run Combofix from www.bleepingcomputer.com (if anyone knows of another site to quote that is legit please let me know)

Turn off your antivirus when Combofix warns you that it is running and install the Microsoft Recovery Console if Combofix recommends it. This is a great utility for crippling infections so that Malwarebytes, SUPERAntiSpyware, and antivirus programs can come in and clean up behind it.
April 10, 2010 12:37:04 AM

I can't find the download link :p . Lol I probably seem really computer dumb to you guys :) . haha
April 10, 2010 12:56:25 AM

It couldn't find the right system file and it sat for about 9 minutes doing nothing :( .
April 10, 2010 1:06:13 AM

Strange. I've never experienced that before and I've used it over a dozen times a day for a long time now in my shop. Did it error out? What was the filename and at what point did this occur? Was the system file error right away or did it come after, say, the update stage etc?
April 10, 2010 1:21:36 AM

It was right after that Microsoft download. It said 100% then 3-4 sec later it gave the Cannot Find Right System File, then hung for about 9 min before I closed out of it.
April 10, 2010 1:45:38 AM

Hi gidgiddonihah,

I am currently researching errors involving the installation of the Microsoft Recovery Console. I will be back. I am curious as to what "the Right System File" is that is being referred to.

Back soon.
April 10, 2010 1:58:19 AM

gidgiddonihah said:
It couldn't find the right system file and it sat for about 9 minutes doing nothing :( .


Boot into safe mode, and use the start-->search function to look for that file.
April 10, 2010 1:58:24 AM

KK just to let you know I'm heading out of town... So I won't be on after tonight until next Sunday night...
April 10, 2010 1:59:53 AM

I have no clue what file it's missing... we're talking about a program called Combofix... :)
April 10, 2010 2:05:36 AM

gidgiddonihah said:
Lol, it somehow disappeared, one moment I was looking at it, the next it was gone... POOF! Any ideas?? Did something delete it automatically somehow?? HELP!! :)


Sorry, I quoted the wrong post. ^ This is the one I was referencing.
April 10, 2010 2:12:08 AM

Have a nice trip. :) 
April 10, 2010 2:18:24 AM

I guess we can set aside running Combofix, but I find it great for rootkits and such.
So far I can find no reference to the "can not find the right system file" message relating to either Recovery Console or Combofix. Curious.
April 10, 2010 2:45:39 AM

He said he made an MS download. Combofix isn't MS.

I looked up xcechinu.dll, got very little info except that it is malware. You guys have a week to find out something about it. I'm watching a TV show in which several doctors team together to solve a problem. I feel like we're doing the same thing. :p 


There's Gmer and the Trend Micro root scanner.

April 10, 2010 2:50:24 AM

graywolf said:
I looked up xcechinu.dll, got very little info except that it is malware. You guys have a week to find out something about it. I'm watching a TV show in which several doctors team together to solve a problem. I feel like we're doing the same thing. :p 


Sounds like 'House'..?

Sophos has a good rootkit scanner.
http://www.sophos.com/products/free-tools/sophos-anti-r...
April 10, 2010 3:01:29 AM

"House" is a cool show...

Combofix downloads Microsoft Recovery Console as one of its initial processes as a safeguard, so the error may have come from either program (or maybe the infection is getting in the way).

Gmer is part of the Combofix utility too. It might be an idea to download and run each of the rootkit removers that aford10 and graywolf suggest.

Enjoy your show graywolf!

We'll keep thinking on the issue while you're away, gidgiddonihah.
April 10, 2010 3:41:38 AM

Just post what you think and I'll pick them up when I get back, just don't expect a response lol :)
April 10, 2010 3:41:42 AM

aford10 said:
Sounds like 'House'..?



It was Something-Medical, didn't notice the name, as they're all cloned. But on TV doctors always team up and pool their knowledge. In real life it never happens. Each of my doctors specializes in one part of my body, including my left thumb specialist and my right thumb specialist.
April 10, 2010 3:43:59 AM

We won't do anything till you get back. We need the patient to operate on.

One more thing--your ID means what? Sounds a little Native American.
April 10, 2010 3:58:33 AM

Oh haha it sorta is... It's kinda long to explain :) . I sorta liked the name and it stuck :) .

Google it and the first two links and the fourth are me. And the 5th down describes where I got it from :) .
April 10, 2010 4:00:11 AM

Holy monkeys in heaven (haha), it has a ton of links to me :( . Scary... lol


BTW just in case you checked I'm not the redneck lol... I'm not the NASCAR one... :p
April 10, 2010 4:05:22 AM

Security warning--you don't want a ton of links to yourself. Use a diff ID on each website you belong to.
April 10, 2010 8:59:50 AM

Just to add my recommendation for dealing with this - Kaspersky's TDSSKiller. Unlike ComboFix - which isn't really suitable for the uninitiated - TDSSKiller won't do any harm if it can't find anything to deal with. Believe it or not, CF can screw the system completely if mismanaged and the Tutorial is quite a handful for anyone to take in.

My suspicion about this file that suddenly disappeared is that it was renamed and was only the .dll and not the .exe that caused it. Like any other eight character filename made up of random letters, I suspect it of being malware and I also suspect that malware is still in there somewhere. It may also carry itself over into a fresh installation of XP.

For what it's worth. :wahoo:
April 19, 2010 10:13:42 PM

Saga Lout said:
Just to add my recommendation for dealing with this - Kaspersky's TDSSKiller. Unlike ComboFix - which isn't really suitable for the uninitiated - TDSSKiller won't do any harm if it can't find anything to deal with. Believe it or not, CF can screw the system completely if mismanaged and the Tutorial is quite a handful for anyone to take in.

My suspicion about this file that suddenly disappeared is that it was renamed and was only the .dll and not the .exe that caused it. Like any other eight character filename made up of random letters, I suspect it of being malware and I also suspect that malware is still in there somewhere. It may also carry itself over into a fresh installation of XP.

For what it's worth. :wahoo:


If I install Win7, will that remove it?? I got it for my B-Day...
April 20, 2010 6:14:59 AM

gidgiddonihah said:
If I install Win7, will that remove it?? I got it for my B-Day...



Only if you completely wipe the hard disk and install on a fresh platform, not carrying over any old files at all unless they've been completely scanned. Slave that hard disk into another machine and scan it thoroughly before migrating any files off it. Then format it in that machine before putting it back into the one which will house W7.
April 22, 2010 4:19:59 AM

That's what I was going to do :) . Thanks!
Anonymous
April 24, 2010 1:35:11 AM

:sol: Hey y'all, just to let you know... I had the same virus, and I deleted it and deleted everything on my prefetch folder and my computer seems to be working fine.