WS2_32.DLL Patched: This Malware is Not Fun at All…

I’ve been seeing a huge increase in machines that are infected with a patched WS2_32.dll. WS2_32.dll is part of the Windows Sockets library and is used to configure and maintain network connections. When WS2_32.dll has been patched, you’ll notice the following behavior:

  1. Slowly loading webpages.  The pages have a 3-5 second delay since the patched DLL is executing malicious code every time you load the webpage.
  2. Website redirections on about 1 out of 4 URL clicks.

How to fix this infection:

You can replace WS2_32.dll in 2 ways (currently):

1.  Use Combofix.

2.  Boot with a UBCD4WIN disc and copy WS2_32.DLL from the bootable CD over your infected copy (which resides in C:\Windows\System32).
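
After either fix, it is worth confirming that the copy on disk really matches the clean one. The script below is an added example, not part of the original post: it hashes the installed ws2_32.dll and the Windows File Protection cache copy and compares both to a reference file. The `-Reference` and `-SystemRoot` parameters are assumptions of this example, `Get-FileHash` needs PowerShell 4.0 or later, and `-SystemRoot` can point at the Windows directory of an offline disk mounted on a clean machine.

```powershell
# Added example: compare on-disk copies of ws2_32.dll against a known-clean reference.
# -Reference is an assumed path to the clean copy (boot CD, flash drive, etc.).
# -SystemRoot defaults to the running system; pass e.g. E:\Windows for a mounted disk.
param(
    [Parameter(Mandatory = $true)]
    [string]$Reference,
    [string]$SystemRoot = $env:SystemRoot
)

if (-not (Test-Path -LiteralPath $Reference -PathType Leaf)) {
    throw "Reference copy not found: $Reference"
}
$cleanHash = (Get-FileHash -LiteralPath $Reference -Algorithm SHA256).Hash

# Copies to check: the live DLL and the Windows File Protection cache copy.
# dllcache exists on XP-era systems; elsewhere it is simply reported as Missing.
$targets = @(
    (Join-Path $SystemRoot 'System32\ws2_32.dll'),
    (Join-Path $SystemRoot 'System32\dllcache\ws2_32.dll')
)

$results = foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        [pscustomobject]@{ Path = $path; Status = 'Missing'; SHA256 = $null }
        continue
    }
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    $status = if ($hash -eq $cleanHash) { 'MatchesReference' } else { 'DIFFERS' }
    [pscustomobject]@{ Path = $path; Status = $status; SHA256 = $hash }
}

$results | Format-Table -AutoSize -Wrap

# Non-zero exit code when any copy differs, so the check can be scripted.
if ($results.Status -contains 'DIFFERS') { exit 1 }
```

A mismatch is also expected when the reference comes from a different Windows version or service pack level, so take the reference from media that matches the installed system.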




  • http://www.myhelpfulnerd.com myHelpfulNerd

    Hopefully dr. web will be able to cure this soon, too.

    • malwarekilla

      @myhelpfulnerd – Agreed. It didn’t detect it last time I checked.

  • http://rescuenerds.com rescuenerds

    You’re right, this is a pretty nasty little trojan. But there’s an easier way to replace the file than booting up UBCD, which is to simply disable Windows File Protection.

    http://www.updatexp.com/windows-file-protection.html

    You should ONLY disable WFP to temporarily replace the file. You should immediately enable it again after the replacement. You don’t want to run a computer with WFP disabled or you’ll accidentally delete a crucial system file and break Windows. Also, you can download a clean WS2_32.Dll file here:

    http://www.dll-files.com/dllindex/dll-files.shtml?ws2_32

    If you’re a technician, I suggest you keep a copy of that file with your AV program installers on your flash drive.

  • Wheeler

    Anyone have the MD5 of the patched file?

  • http://none john bell

    Mat, can you please tell me where I can get the disc tray icons you have? I know you are a busy guy, please help me. John

