A friend of mine just bought a computer and within the first week of getting it his firewall detected an adware program called loader.exe trying to access the internet. When i attempted to delete the program everything except a .dll was removed, i made sure it wasn't read only and i checked the active processes to make sure nothing was using it but it still refuses to be deleted. Any suggestions? He is running windows xp home edition

I used to have that same problem. I cant recall what I did to get rid of it. But try removing the .dll onto the desktop. Then delete the folder. Then change the name of the .dll to something like"sdghdsgf". Then empty the recycling bin. restart your computer then put the new name .dll into the recycling bin. Hopefully this will work, it works sometime for me but sometimes it dosent. And if that doesnt work you might have to run a virus scan its probablly in the system 32 folder or somewhere in windows. Hopefully you will get rid of your problem. Im not sure if you will have to change things in regedit im not that advanced yet.

did you try deleting the file with WinXP in "safe mode"?


most manual virus removal, oh and all removal tools (that I have used) are used in safe mode..any file that is in use by windows is protected and therfor you are unable to delete/move/rename

cheers

<Edit> PErsonaly for parasites/hijackers/adware/spyware I recommend the use of Spybot S&D -with the latest updates shud have 11k+ items to search for..

Greetings hiddeninclouds. I can appreciate your dilemma, and I'd wager that someone here can help you. I would ask you to follow an informal "procedure" so that we may help, and not reinforce our cynicism when you appear not to listen.

I'm assuming that you have tried to delete the offending file, and it isn't playing on your terms. A couple things I would recommend...try booting in safe mode, and see if you can delete the offending file....or as blue_wolf suggested, try renaming the file...then try booting in safe mode and renaming the file... if that fails, do a registry search for the .dll that is being called and delete the key (backup the registry for obvious purposes)...usually once you delete the key and reboot, then you can delete the .dll.

As a favor to all, please let us know what you tried, what the results are, and any error messages that may be generated. If we know what didn't work, we can suggest other methods. If we do know what works, other members with the same problem will benifit.

Hidden, for future reference you can check this site out http://www.doxdesk.com/parasite
It's a database of known spyware/adware and full descriptions and removal methods.
Along with Spybot, this should help you keep your computer clean.

Just wondering, are they running Win2k or XP? If so, try checking your services to see if something in there might be using it.

Have you tried removing it from a command line? The lower you get, the more control you have.

Sounds like the DLL has been registered so windows will keep you from deleting it, there are a couple ways to get rid of it if this is the case. Without rebooting, if the file isn't actually being used you should be able to use regsvr32 with the /u option on the file to unregister it (regsvr32 /u C:\path\file.dll) and then you'll be able to delete it. If you don't want to mess with that or it didn't work then try safe mode and delete it there. Also if this loader.exe is part of something that Spybot would recognize then let it detect it and it will give you the option of running before anything can load the next time you reboot, then it will find it again and can delete it easily.

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=253588#post711640) by ttau
Have you tried removing it from a command line? The lower you get, the more control you have.

While I understand where you may be coming from, this is not entierly true, especially for the windows operating system. A commandline, while cryptic, is not always as powerful as the GUI. Like in windows, the GUI has much more control and fine tuning than the commandline could ever acheive. While it is not good nor bad, it simply *is*.

So never be lead into thinking commandline is more powerful in every given situation, as commandline != low level control on every single OS.

Pooh has an excellent point, as some functions, while not entirely impossible with the command line, are somewhat archaic.

Take adding and deleting user accounts. You can easily delete unwanted accounts from the command line with "net user %username% /delete" (Windows XP Home users take note), but try adding an account from the command line and assigning it to the proper group with the proper permissions and the proper privelage, and you'll soon be thankful for your GUI.

On the flip side, you should also make sure that you are comfortable with command line procedures, as Windows will one day crash, and you may find yourself at the "recovery console" without an ERD.

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=253588#post711596) by ShagDevil
Hidden, for future reference you can check this site out http://www.doxdesk.com/parasite
It's a database of known spyware/adware and full descriptions and removal methods.
Along with Spybot, this should help you keep your computer clean.

Everyone reading this thread should check out this link :) Thank you for posting it ShagDevil

so far i've tried the following:
removing the file with the antivirus/firewall software, i believe he has Norton but i can't recall the version :/

i attempted to remove the folder in the Windows XP Home Edition GUI environment and had trouble

i stopped the loader.exe process in the windows task manager then successfully removed everything but the .dll file, i also rechecked the windows task manager and found nothing on my second look

I checked the attributes and the file is not read only

i attempted to delete it in the command prompt and failed :(

I wish I could go run over and try everyones suggestions now but my friend and I have very little common free time So i'm going to pass along the suggestions to him and request to be updated on the progress

Thank you for the help :)