huuewekp.dll Detected in Windows/System32?

I received this file “huuewekp.dll” 12 hours ago. I strongly believe it started when I clicked a link on Twitter. The link wasn’t shortened but a full URL. I cannot remember the exact URL, so don’t ask me specifically about this. This post is an account of the incident and how I resolved the issue.

… So I clicked, and it brought me to an empty site. No information, no pictures, no Flash, no advertisements and no document loaded. I remember the browser showing a green screen with a turning ‘swirl’ in the middle. Any user would have thought the site was in the process of loading content, so they would just wait for a few seconds. And in the midst of loading, a window suddenly popped up and warned me that my PC was infected with a virus.

My initial thought was that Panda Cloud Antivirus had detected this virus, but it hadn’t. The pop-up window looked so similar to the one in Windows Security Center. The window showed a summary of files and folders infected by a number of viruses. I got fooled by the familiar interface, and started to click on buttons shown within the ‘fake’ antivirus interface.

Everything happened fast, causing the user to panic for an immediate solution to heal the infected files and folders. The pop-up interface did prompt the user to save some sort of log files, in other words, downloading by saving unrecognized files. And I did follow the instructions. What I encountered was that no antivirus healing actually happened. Instead, more windows prompted me to save more files. In total, 2 files were saved on my desktop. There could have been more if I had continued using it.

I closed the browser immediately, highly suspicious of an unauthorized intrusion by a malicious attack. All this happened within 30 seconds. Panda Cloud Antivirus did not auto-detect this virus. I proceeded to perform a scan, and the file “huuewekp.dll” was later detected and identified as a worm. This is a hidden file “huuewekp.dll” located in Windows/System32. Despite manual scanning and detection by Panda Cloud Antivirus, it still could not delete the file, even with repeated scanning and rebooting. So what has this file “huuewekp.dll” done to my PC? To be exact, I don’t have any idea what it is. I’m a Gentoo Linux user, not into viruses, malware, or spyware though.

The main issue now is how to delete “huuewekp.dll” in the Windows/System32 folder. I made a Google search, but to no avail. So I posted this question in the “Virus/Trojan/Spyware Help” forum at http://techsupportforum.com . Yet no help arrived within 4 hours. What I received was a welcome message from a moderator asking me to follow TSF’s pre-posting process outline, and “Please post them in a new topic, as this one shall be closed.” The link with the same subject: huuewekp.dll detected in Windows/Systems32? http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/469074-huuewekp-dll-detected-windows-systems32.html I ended up resolving this issue myself.

  1. What has this file “huuewekp.dll” done to my PC?
      • The PC on Win XP can be used in normal condition with internet access and net surfing.
      • No annoying disturbances happened during boot-up. However,
      • It BLOCKS internet access to all the major antivirus sites: AVG, Norton, Panda, Symantec, Avast, Forums.avg.com, Forumvirus.com, even when clicking a link through Google search results. The browser shows the message “Network – DNS Lookup Error”.
      • It does not block major websites like Google, Yahoo, CNN, Twitter, and Facebook.
      • How to delete “huuewekp.dll” in the Windows/System32 folder?
        • First of all, there is no way to delete this file except by logging into DOS mode during Windows boot-up.
        • Secondly, Panda Cloud Antivirus is not able to delete this file, even with repeated scanning. Please follow the steps below.
        • While the PC is booting up, press F8 repeatedly until it brings you to a black-screen page showing options for booting in SAFE mode for Windows, MS-Prompt, or with Networking.
        • Select SAFE mode with MS_Prompt and press Enter.
        • It will continue to boot up to a screen asking “Administrator” or “User”. Select “Administrator”.
        • While in Command Prompt, type “cd..” to go to the root directory. Then type “cd WINDOWS/System32” and press Enter to access the directory.
        • At the directory, search for the hidden file by typing “dir huuewekp.dll /a h”. Take note of the space in this command. Press Enter and make sure this file shows up.
        • Next is to gain full access to this file. Type “cacls huuewekp.dll /g Administrator:F”. Press Enter to receive a new prompt, “Are you sure (Y/N)?”. Enter “Y” to confirm.
        • The final step. Please type at the command prompt, “del /f /a h huuewekp.dll”. Take note of the space in this command.
        • Type “exit” to close the command prompt window. You may then reboot the PC.
      • Have I totally resolved the issue?
        • The internet access to all the major antivirus sites has been restored: AVG, Norton, Panda, Symantec, Avast, Forums.avg.com, Forumvirus.com.
        • I have done a quick scan using Panda Cloud Antivirus. So far, the deleted file has not been detected.
        • I have used Windows Explorer to navigate to the folder Windows/System32, and there is no sign of the hidden file “huuewekp.dll”.
        • Nothing has happened so far. I suppose the issue has been resolved.
      • Have you found other related issues?
        • Yes. Genuine answers are appreciated. Please contribute by replying to this post. Thank you.
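
The symptom described above (antivirus sites fail name lookup while Google, Yahoo, CNN, Twitter and Facebook still load) can be checked before and after cleanup with a short script. This is an added example, not part of the original post; the hostnames are assumptions standing in for the vendors and sites named, and it goes slightly beyond the post by also treating loopback-only answers as blocked.

```python
import ipaddress
import socket

# Assumed hostnames for the vendors and sites the post names; adjust as needed.
SECURITY_HOSTS = ["www.avg.com", "www.norton.com", "www.pandasecurity.com",
                  "www.symantec.com", "www.avast.com"]
CONTROL_HOSTS = ["www.google.com", "www.yahoo.com", "www.cnn.com",
                 "twitter.com", "www.facebook.com"]


def system_resolver(host):
    """Resolve through the OS resolver so local tampering shows up."""
    try:
        infos = socket.getaddrinfo(host, 80, proto=socket.IPPROTO_TCP)
    except OSError:  # socket.gaierror (lookup failure) is an OSError
        return []
    return sorted({info[4][0] for info in infos})


def is_blocked(addrs):
    """No answer, or only loopback/unspecified answers, counts as blocked."""
    parsed = [ipaddress.ip_address(a.split("%")[0]) for a in addrs]
    return all(ip.is_loopback or ip.is_unspecified for ip in parsed)


def probe(hosts, resolver=system_resolver):
    """Map each hostname to the list of addresses the resolver returned."""
    return {host: resolver(host) for host in hosts}


def verdict(security, control):
    """Compare the two probe results and name the pattern they show."""
    sec_bad = [h for h, a in security.items() if is_blocked(a)]
    ctl_bad = [h for h, a in control.items() if is_blocked(a)]
    if control and len(ctl_bad) == len(control):
        return "offline", sec_bad          # nothing resolves: no conclusion
    if not sec_bad:
        return "clean", sec_bad
    if not ctl_bad and 2 * len(sec_bad) >= len(security):
        return "selective-block", sec_bad  # the pattern described in the post
    return "inconclusive", sec_bad


if __name__ == "__main__":
    state, blocked = verdict(probe(SECURITY_HOSTS), probe(CONTROL_HOSTS))
    print(state, blocked)
```

A result of "selective-block" matches what the post reports; after the file is removed and the PC rebooted, the same run should return "clean".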