# How can i delete wininet.dll ?



## Graham-GTS (Jul 7, 2005)

Hi,
I recently had a computer with the *smitfraud trojan* and after successfully cleaning the comp (with the help of hjt log forum) I am left with the file *C:\WINDOWS\system32\wininet.dll *. When I try to delete it a message tells me that the file is protected or in use and cant be deleted. Ive tried to *Delete a file on reboot * in HJT but it wont go. It is not causing any problems that I can see but it is anoying as the McAfee AV constantly displays a message about it(but cant delete it). Anyone got any sugestions?

*Thanks in advance
Graham-GTS*


----------



## Geekgirl (Jan 1, 2005)

wininet.dll is a module that contains Internet-related functions used by Windows applications, why do you feel you need to remove it?


----------



## Graham-GTS (Jul 7, 2005)

I was asked to remove this file in a fix forum, also the AV the comp had at the time (Antivir XP ) kept picking it up as did panda active scan. here is a copy of the active scan results
------------------------------------
Activescan Log:


Incident Status Location 

Adware:Adware/Antivirus-gold No disinfected C:\WINDOWS\screen.html 
Adware:Adware/Smitfraud No disinfected C:\WINDOWS\system32\intel32.exe 
Adware:Adware/Smitfraud No disinfected C:\WINDOWS\system32\oleadm.dll 
Virus:W32/Smitfraud.B Disinfected C:\WINDOWS\system32\wininet.dll 
Adware:Adware/Smitfraud No disinfected C:\WINDOWS\system32\wp.bmp
-----------------------------------------------------
Hmm... I notice the scan says it has been disinfected, but the new AV (McAfee) constantly displays a message about it.

Below is an extract of the advice i was given(which fixed the problem)on another forum refering to *wininet.dll*

-----------------------------------------------------
Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot):

C:\WINDOWS\screen.html 
C:\WINDOWS\system32\intel32.exe 
C:\WINDOWS\system32\oleadm.dll 
C:\WINDOWS\system32\wininet.dll 
C:\WINDOWS\system32\wp.bmp 

Using Windows Explorer, delete the following Files indicated in *RED

C:\WINDOWS\screen.html 
C:\WINDOWS\system32\intel32.exe 
C:\WINDOWS\system32\oleadm.dll 
C:\WINDOWS\system32\wininet.dll 
C:\WINDOWS\system32\wp.bmp*
-----------------------------------------------------

Its just anoying that b]McAfee[/b] keeps picking it up.


----------



## Graham-GTS (Jul 7, 2005)

Actually McAfee says that:

The file *C:\WINDOWS\SYSTEM32\WININET.DLL* is infected by the* W32/Alemod.b.dll* virus and cannot be cleaned.


----------



## MicroBell (Sep 21, 2004)

*DO NOT DELETE THAT FILE!!!!*

Download *smitRem.zip* and save the file to your desktop.
Right click on the file and extract it to it's own *folder* on the desktop.

Place a shortcut to *Panda ActiveScan* on your desktop.

Please download the trial version of Ewido Security Suite here:
*http://www.ewido.net/en/download/*

Please read *Ewido Setup Instructions*
Install it, and update the definitions to the newest files. Do *NOT* run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
*Ad-Aware SE Setup*
Don't run it yet!

Next, please reboot your computer in *SafeMode* by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.


Open the *smitRem* folder, then double click the *RunThis.bat* file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named *smitfiles.txt* in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
Click *[Scanner]*
Click *[Complete System Scan]* to begin scanning.
Click *[OK]* when prompted to clean files
With the first file it prompts to clean, select the option - *"Perform action on all infections"* - & choose clean and click *[OK]*.
Once finished, click the *[Save report]* button
Save the report to your desktop
Close Ewido

Next go to *Control Panel* click Display > Desktop > Customize Desktop > Website > Uncheck "*Security Info*" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the *autoclean* box is checked!
Save the scan log and post it along with a new *HijackThis Log* and the *Ewido Log* by using *Add Reply*.
Let us know if any problems persist.

Ewido and the SmitRem tool should be able to clean that file now.


----------



## Geekgirl (Jan 1, 2005)

Did I miss something :4-dontkno 
Sorry, my searches came up with a legit file, I will let Microbell take care of you :smile:


----------



## Excal (May 25, 2005)

Geekgirl,

You are correct that is a valid file. And if you delete it, you will lose explorer. Smithrem does indeed replace the file, but it does not work all the time(i have 2 currently like that).

Miekemoes wrote an excellent batch that allows you to see if and where they have other wininet.dll's on their computer so you can replace the bad one.



Excal


----------



## Geekgirl (Jan 1, 2005)

Thank you for clearing that up :smile:


----------



## Wozer (Oct 3, 2004)

actually, if one has a dual boot system, repairs like this are a lot easier...cause you can access said file from the other OS and have no restrictions about dealing with it...(yeah, I've had to do this type of work before)...


----------



## BillyTheKidCO (Jul 28, 2005)

*Thanks*

Thanks a lot for advices from ASAP members. I almost cleared all virus and spyware. Ur suggestion to kill virus is wonderful.

Billy


----------



## BillyTheKidCO (Jul 28, 2005)

I forgot to attach this report. :smile: I have a question, Norton warning me there is a virus at C://Windows/System32/winninet. But I did not find this virus in this report. Was that virus killed?


----------



## MicroBell (Sep 21, 2004)

BillyTheKidCO said:


> I forgot to attach this report. :smile: I have a question, Norton warning me there is a virus at C://Windows/System32/winninet. But I did not find this virus in this report. Was that virus killed?


Run the fix I listed above should clean that file. Also...Visit windows update page...because if your system was up to date..that file could not get infected in the first place!! It was patched...months ago.

As for your Report..Ewido cleaned those files..


----------



## july (Aug 4, 2005)

Graham-GTS said:


> Actually McAfee says that:
> 
> The file *C:\WINDOWS\SYSTEM32\WININET.DLL* is infected by the* W32/Alemod.b.dll* virus and cannot be cleaned.


----------



## july (Aug 4, 2005)

*i have same problem like graham-gts*

i have the same problem like graham. i don't have skills to use very well a computer, please help me :4-dontkno


----------



## greyknight17 (Jul 1, 2004)

Hi july and welcome to TSF.

Post in the HijackThis Log Help forum instead. Before you post, read this first.


----------



## gregmaxey (Aug 11, 2005)

thank you Microbell for you instructions on how to fix the problem above. i was just searching on how to fix and came across this forum. it worked the first time and my computer is problem free...i think


----------



## monkman0 (Aug 14, 2006)

*I have a similiar Wininet.dll problem*

Hi! I recently found a virus in the Wininet.dll file and I deleted it using the virus scanner. The problem is I replaced it with another wininet.dll file from a Windows 98 computer . Now I can't run most of my programs. I downloaded the right version of the Wininet.dll......now I just need to know how to replace the other one with the correct version. It won't let me delete it in Safemode or with various programs that are supposed to.


----------



## Geekgirl (Jan 1, 2005)

Rename the old one .old and replace with the correct one.


----------



## monkman0 (Aug 14, 2006)

*Thanks!!!*

Thanks!! Renaming it worked and my computer is operating correctly again  I just expected it to not let me rename the file---and say that the file is in use like it did every time I tried to move or delete it.....but it worked great.


----------



## Geekgirl (Jan 1, 2005)

Good to hear, you can now delete that file you renamed if it allows you to


----------

