March 29th, 2010 20:00

How do I recover a DLL file installed by Dell that was infected by Trojan?

McAfee Security suite quarantined the file omiseciyopub.dll on my Dell Dimension E521. The DLL file was in my Windows directory.  I run Windows XP Professional.

Now when I boot or reboot my PC, I get a RUNDLL error message trying to load that DLL file which is no longer in the Windows directory. I tried searching for omiseciyopub.dll on Google and found nothing! Based on the type of files the Trojan was infecting, I'm 99% certain that the DLL file was part of software installed by Dell when I bought my system in May 2007.

I can't find the DLL file on my Operating System CD supplied by Dell when I purchased my PC. I also can't find the DLL file on support.dell.com, even after I input my Service Tag number. Unfortunately I'm now past the warranty period and I don't know where to look for this DLL file.

None of my recent backups include this file.

How can I recover this DLL file?

Thanks in advance for your ideas.

1 Rookie • 5.8K Posts

March 29th, 2010 20:00

Hi neubauer, and welcome to the forum.

A few questions:

1) Was your PC experiencing any problems prior to McAfee quarantining this file?
2) Was this file quarantined by a routine on-demand scan, or did McAfee just running in the background alert you about this detection/quarantine?
3) What trojan did McAfee say you were infected with? (The exact text of any alerts you got would help. The info should also be in your McAfee log files).

Generally speaking, a dll file not found with a Google search is probably not a file you want to restore.

 

1 Message

March 29th, 2010 20:00

Delete all the virus-related files picked up by your anti-virus program, and empty quarantined items.

Use CCleaner: once installed, click on the Registry tab, then click Scan for Issues; after the scan completes, click Fix All Issues.

 

11 Posts

March 29th, 2010 21:00

I appreciate your quick contributions, but the focus of your comments is on virus/trojan removal tools rather than recovering the DLL. So I'll take a minute to explain why I don't have a choice of virus removal tools and why I'm mainly concerned about recovering the DLL. Maybe there's another part of Dell's website I should investigate.

First, my PC experienced problems with other Trojans before this last one. McAfee quarantined other Trojans. The file omiseciyopub.dll kept reappearing in my Windows directory despite McAfee's earlier attempts to quarantine it. McAfee's March 26 update was finally able to quarantine it permanently after I downloaded the update (which triggered an automatic scan).

I had to UNINSTALL MCAFEE IMMEDIATELY because my ISP no longer provides support for McAfee. I called McAfee support one final time, and they convinced me this was a real trojan and the file needed to be deleted. Since I no longer have McAfee, I can't remember the Trojan names (some used generic names assigned by McAfee). I will install the Norton Security suite soon. If future Trojan problems come up, I'll have to use Norton to deal with them.

Maybe I'm asking for help with the DLL file recovery in the wrong topic section of this forum.

Don't some web sites serve as DLL libraries? Unfortunately, I haven't found this particular DLL at Dell's website.

I'd certainly like to hear suggestions about the DLL.  Thanks all

1 Rookie • 5.8K Posts

March 29th, 2010 22:00

neubauer:

If you can't find that dll file with a Google search (I couldn't either), and it's not on your installation CD, and McAfee support confirmed it was a file that needed to be deleted, I seriously doubt it came from Dell, or that you want to restore it. Forget this dll. You might have bigger problems to worry about.

If you have been on the internet without an updated anti-virus installed and running at all times, as you seem to imply, your PC might well be compromised beyond easy recovery. Sorry to be the bearer of (possibly) bad news.

You might want to run an online free AV scanner such as ESET's: http://www.eset.com/online-scanner which has removal capability.

My only other suggestion is you post a HijackThis log in the Malware Removal forum here:
http://en.community.dell.com/forums/3521.aspx

Read these instructions before posting there:
http://en.community.dell.com/forums/t/19251122.aspx

Best of luck!

20.5K Posts

March 30th, 2010 05:00

Just to confirm what Joe suggests, that is a malware file. The reason your computer is looking for it is because you removed one component of the infection, and there is still something in your computer that is telling it to run. You need a more thorough cleaning. I suggest following Joe's instructions above. Good luck.

11 Posts

March 30th, 2010 13:00

STATUS REPORT:

 

I just installed Norton Security Suite and ran a complete scan using the latest updates and Norton’s default actions once it finds a virus.

 

It fixed 1 virus it found, but to my surprise it didn’t report the name of the virus it found. I can’t locate that virus name among the different Norton screens. Unfortunately I still get the RUNDLL error when I reboot Windows XP.

 

I will be using NORTON SECURITY SUITE and ONLY NORTON to deal with this problem (which McAfee rated as Low Risk). I will not take off my Kevlar ® bulletproof vest to try on an unknown brand that could not match Norton’s manpower.

 

Again, thanks for suggestions.

11 Posts

March 30th, 2010 14:00

HERE'S THE VIRUS NORTON FOUND:

jvmimpro.jar-552c06e3-5dabe7df.zip (Downloader)

It is high risk and very few (less than 10) infected cases were identified by Norton. To "Fix" the problem, Norton removed 2 Java ZIP files from the cache subdirectory for Java Ver 1.0.

With the information I have available (described above), can I determine whether this virus is related to the Trojan problem that led me to start this thread? Basically, I'm asking if Norton helped solve the Trojan problem.

3 Apprentice • 15.2K Posts

March 30th, 2010 15:00

"can I determine whether this virus is related to the Trojan problem that led me to start this thread"

a simple test:   you originally indicated you were getting a RunDLL error message about a missing file... and as of your previous post, you indicated the "situation" (note, i say situation, not virus) was still there.

if so, that would indicate (to me) that what Norton found now is a separate problem.

BugBatter, who is among the foremost security experts volunteering in this forum, gave you the appropriate diagnosis and advice:   McAfee removed a BAD .dll file, however, it left behind a "calling card" which still tries to find that file (now missing) each time you start up windows.    by pursuing her (and Joe's) advice, to generate and post a HijackThis log in the Malware Removal forum, they should be able to locate and fix that situation.
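The leftover "calling card" described in the replies above is a startup entry that still invokes rundll32 on a DLL that no longer exists. As an added example (not part of the original thread, and not a HijackThis tool), the following parses startup lines written in the style of HijackThis O4 entries and reports rundll32 entries whose DLL is missing. The sample lines, value names and export names are constructed; only the file name omiseciyopub.dll comes from the thread.

```python
import re

# Constructed sample in the style of HijackThis "O4" (startup) log lines.
# Value names, paths and export names are made up for illustration.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\ExampleApp.exe
O4 - HKLM\..\Run: [example1] rundll32.exe "C:\WINDOWS\omiseciyopub.dll",Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [ExampleTray] RUNDLL32.EXE C:\WINDOWS\system32\exampletray.dll,Start
"""

# Constructed stand-in for the file system so the example runs offline.
PRESENT = {r"c:\windows\system32\exampletray.dll"}

O4_RE = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# rundll32, with or without a directory prefix, quotes or the .exe suffix.
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<rest>.+)$', re.IGNORECASE
)


def in_sample(path):
    """Existence check against the constructed PRESENT set."""
    return path.lower() in PRESENT


def orphaned_rundll_entries(log_text, exists):
    """Return (location, value name, dll) for rundll32 startup entries
    whose DLL does not exist according to the `exists` callable.
    On a live Windows system `exists` would be os.path.exists."""
    findings = []
    for line in log_text.splitlines():
        entry = O4_RE.match(line.strip())
        if not entry:
            continue
        call = RUNDLL_RE.match(entry.group("cmd"))
        if not call:
            continue  # startup entry that does not go through rundll32
        rest = call.group("rest").strip()
        if rest.startswith('"'):
            dll = rest[1:].split('"', 1)[0]      # "path with spaces",Export
        else:
            dll = rest.split(",", 1)[0].strip()  # path,Export
        if not exists(dll):
            findings.append((entry.group("loc"), entry.group("name"), dll))
    return findings


if __name__ == "__main__":
    for loc, name, dll in orphaned_rundll_entries(SAMPLE_LOG, in_sample):
        print(f"orphaned startup entry {name!r} at {loc}: missing {dll}")
```

An entry flagged this way explains the boot-time RUNDLL error, but it is a symptom to hand to the analyst reviewing the log, since other components of the infection may still be present.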

1 Rookie • 5.8K Posts

March 30th, 2010 22:00

 

"I will be using NORTON SECURITY SUITE and ONLY NORTON to deal with this problem (which McAfee rated as Low Risk). I will not take off my Kevlar ® bulletproof vest to try on an unknown brand that could not match Norton’s manpower."

Just so you understand, nobody was suggesting you uninstall Norton, or try an "unknown brand".

 

ESET's online scanner is one of several excellent free online AV scanners, that can be run without uninstalling your current AV. Norton is a good AV, but no AV is bullet-proof, and a "second opinion" from such an internet scanner can be helpful in situations like yours. (When I suggested it, it also appeared you had no AV installed).

 

Similarly, HijackThis is a free diagnostic tool used by malware removers. It is not an AV, and does not conflict with your AV. It requires expert analysis and guidance to use, however.

 

I can assure you that if my AV had detected recent infection (and you appear to have had 2), even if it had apparently blocked/deleted it, I would run to post a HijackThis log to rule out collateral infection ASAP.

 

20.5K Posts

March 30th, 2010 23:00

I do not see any "unknown brand" being suggested here. 

neubauer, you have wasted a couple of days discussing this. Now if you want help, you will have to wait or go to another forum. Dell's forums will be read-only for a few days while Dell works on a forum upgrade.  If you are ready to work one-on-one with a trained analyst, please click on my signature's link to SpywareHammer so that you can post on their Malware Removal forum. By doing that, your issue can be handled in a timely manner. Be sure to read the instructions for posting so that you include the required log and other information.  You will need to follow instructions for removing the remnants of that malware, and not make any changes to the system on your own until your computer has been deemed as being clean. Thanks.

Additional forums that offer HijackThis analysis can be found at the links in the recommended sites section on these pages:
http://hjt-data.trendmicro.com/hjt/analyzethis/index.php
http://asap.maddoktor2.com/

 
