From: Dean on
I wrote this guide after I discovered a faster and easier way to delete this file.
The guide can be found here:

http://www.retro-zone.org/support_pc_windows_compstu.dll.html



Ma wrote:

compstu.dll
26-Dec-07

Have 2 identical PCs with Win XP Home SP2. One has a file in
C:\windows\system32 named compstu.dll, the other does not. This file is
corrupted by a trojan. Have tried to delete this file by going into Safe
Mode but it will not delete. The message says it is either in use or write
protected.

What can I do now?

Thanks in advance.

Previous Posts In This Thread:

On Wednesday, December 26, 2007 12:48 PM
Ma wrote:

compstu.dll
Have 2 identical PCs with Win XP Home SP2. One has a file in
C:\windows\system32 named compstu.dll, the other does not. This file is
corrupted by a trojan. Have tried to delete this file by going into Safe
Mode but it will not delete. The message says it is either in use or write
protected.

What can I do now?

Thanks in advance.

On Wednesday, December 26, 2007 1:04 PM
nas wrote:

RE: compstu.dll
"Max" wrote:


It is a BHO.DL installaed itself in the system Root and given itself an
Admin privileges and write protected file, but it can be changed through the
security Tab on that File properties!.

If you will go to this Key you will find it running itself and Admin:
[-]HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa = in the right
pane you will see entry like this os so:

Msv0_1 "C:\Windows\System32\compstu.dll"
The above should be Msv0_1 the reset is not there, it been added by the
Trojans/Worm.

and
CurrentControlSet01
CurrentControlSet02

Go through these Cleaning steps:
1... First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:

SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
RootkitRevealer v1.71
By Bryce Cogswell and Mark Russinovich
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx


Run a scan from here off-line scanner:
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html


2- Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
http://www.merijn.org/index.php
When all else fails, HijackThis v2.0.2
(http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis) is
the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
Let us know how it is going.
nass
----
http://www.nasstec.co.uk

On Wednesday, December 26, 2007 1:57 PM
Ma wrote:

RE: compstu.dll
nass,
Thanks for the info. Found C:\windows\system32\compstu.dll in the registry
in 2 places as data and deleted it. Went thru all your cleaning steps.
Restarted the PC and found 1) the data returned to the registry, and 2) still
could not delete the file compstu.dll. How can I get rid of this file? Am
at the last straw - please help.
Max

"nass" wrote:

On Wednesday, December 26, 2007 2:11 PM
nas wrote:

Hi Max,Yes, it will come back again as it been write protected, my advice to
Hi Max,
Yes, it will come back again as it been write protected, my advice to you
try to run the Hijackthis and send the log to one of many forums and please
can you send me one at here:
to_you_rossatyahoo.co.uk for more help, if you wish.
This a Vundo variants by the looks of it, and can be nasty piece of Viral
infection to rid of, be prepared and backup your Data on Removable Storage.
HTH.
nass
---
http://www.nasstec.co.uk

"Max" wrote:


Submitted via EggHeadCafe - Software Developer Portal of Choice
WPF Binding Beyond the Limitation of Name Scopes
http://www.eggheadcafe.com/tutorials/aspnet/ef583104-e507-491d-b05f-49faac8854c8/wpf-binding-beyond-the-li.aspx