# Solved: Virus removal - kernel32.dll, winsock.dll, wsock32.dll



## barcelonabi (May 11, 2007)

Hi,
I recently scanned my pc and found WinFixer, which I was able to remove by placing the files in quarantine and then erasing them. 3 other files were placed in quarantine and I'm not sure if I should delete them (I haven't yet). The files are the following: kernel32.dll, winsock.dll and wsock32.dll, all located in C:\WINDOWS\system32. Can you let me know if it is ok to erase them?
Thank you,
Brigitte


----------



## breadcrab (Nov 21, 2007)

whoa i think they are required by windows


----------



## lunarlander (Sep 22, 2007)

Breadcrab is right, they are part of Windows. But if they are infected.... Best you try a System Restore to some old date and do a scan again to see if they are still infected. If they still are, then I'm afraid you have to reinstall Windows.


----------



## barcelonabi (May 11, 2007)

Thank you. What is implied with a system restore (will data be lost?) and how do I do it?


----------



## lunarlander (Sep 22, 2007)

Start Menu/ Acccesories/ System Tools /System Restore will bring back old configuration and executables from a date that you choose. Data stays intact as they are.


----------



## breadcrab (Nov 21, 2007)

your system restore might be infected


----------



## Byteman (Jan 24, 2002)

Hi barcelonabi

Since there is most likely some malware that needs fixing I'll move your thread to the Malware Removal forum.

What you are advised to do is post this scanlog here as a Reply.

Let's have you post a log from Hijackthis and maybe we can spot anything out of place:
go to *Click here* to download HJTsetup.exe
On that page, select one of the servers in the list under the *Free Downloads heading*
Save HJTsetup.exe to your *desktop.*
Double click on the *HJTsetup.exe icon* on your desktop.
By default it will install to *C:\Program Files\Hijack This.* 
Continue to click *Next * in the setup dialogue boxes until you get to the *Select Additional Tasks dialogue.*
Put a check by *Create a desktop icon* then click *Next* again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the *Do a system scan and save a log file* button. It will scan and then save the log and then the log will open in Notepad.
Click on *"Edit > Select All" * then click on *"Edit > Copy" *to copy the entire contents of the log.
Paste the log in your next reply.
*Don't* use the Analyse This button, its findings are dangerous if misinterpreted. 
DO *NOT* have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


----------

