How to Remove Boaxxe.dll Trojan

Boaxxe.dll is a Trojan. Trojans are a form of malware. Although viruses are considered malware too, Trojans behave differently from viruses in that Trojans do not self-replicate. Often, users unknowingly spread the Trojan because they have been misled into thinking that the Trojan is beneficial for their systems.

Since boaxxe.dll is a Trojan, the most probable way the file got onto a user’s system is through a security or system exploit. Users manually, albeit unknowingly, execute the malware programs, and so boaxxe.dll and other malware associated with this file can spread further into their system.

Boaxxe.dll acts as a BHO (Browser Helper Object): the file hooks into Internet Explorer and redirects traffic to a certain website.

Boaxxe.dll uses different aliases. These include Rootkit.Win32.Podnuha.ey (Kaspersky), Trojan.Boaxxe.C (SOFTWIN) and Trojan:Win32/Boaxxe.B (Microsoft). The internal name for boaxxe.dll is ilianb.dll.

Boaxxe.dll exports the following functions:

  • DllCanUnloadNow
  • DllGetClassObject
  • DllRegisterServer
  • DllUnRegisterServer
  • InitEntry

This dll Trojan also adds the following registry keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E67FDE50-1867-4ACF-B42D-632D5C65892E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E67FDE50-1867-4ACF-B42D-632D5C65892E}

An InprocServer32 entry is also added:

HKEY_CLASSES_ROOT\CLSID\{E67FDE50-1867-4ACF-B42D-632D5C65892E}\InprocServer32 "(Default)" = C:\WINDOWS\system32\cnvfa.dll

The following registry key is also added:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings
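
A check for the registry artifacts listed above, as an added example that is not part of the original article: it parses the text of a `.reg` export, reports which of the listed keys are present, and resolves every registered BHO to the DLL its InprocServer32 key loads. The function names and the sample export are constructed for illustration, and the CLSID key is assumed to appear under HKEY_CLASSES_ROOT as the article writes it.

```python
import re

# CLSID and key paths below are the ones listed in the article.
CLSID = "{E67FDE50-1867-4ACF-B42D-632D5C65892E}"
BHO_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
SERVER_KEY = "HKEY_CLASSES_ROOT\\CLSID\\%s\\InprocServer32"
INDICATORS = [
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\" + CLSID,
    BHO_ROOT + "\\" + CLSID,
    SERVER_KEY % CLSID,
]
# A string value line: @="data" or "name"="data"; \ and " are backslash-escaped.
REG_SZ = re.compile(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"')

def parse_reg(text):
    """Parse .reg export text into {lowercased key path: {value name: data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := REG_SZ.fullmatch(line)):
            # Only string values are kept; dword and hex lines are skipped.
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current["(Default)" if name == "@" else name[1:-1]] = data
    return keys

def list_bhos(keys):
    """Map each registered BHO CLSID to the DLL its InprocServer32 key loads."""
    prefix, bhos = BHO_ROOT.lower() + "\\", {}
    for path in keys:
        clsid = path[len(prefix):].upper()
        if path.startswith(prefix) and "\\" not in clsid:
            bhos[clsid] = keys.get((SERVER_KEY % clsid).lower(), {}).get("(Default)")
    return bhos

def find_indicators(keys):
    """Return the article's registry keys that are present in the export."""
    return [k for k in INDICATORS if k.lower() in keys]

# Constructed sample export, not captured from a real machine.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E67FDE50-1867-4ACF-B42D-632D5C65892E}]
[HKEY_CLASSES_ROOT\CLSID\{E67FDE50-1867-4ACF-B42D-632D5C65892E}\InprocServer32]
@="C:\\WINDOWS\\system32\\cnvfa.dll"
'''

if __name__ == "__main__":
    parsed = parse_reg(SAMPLE)
    print(find_indicators(parsed), list_bhos(parsed))
```

A BHO that maps to `None` has no InprocServer32 string value in the export, which is worth a manual look in its own right.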

Some believe that boaxxe originated from either the Russian Federation or the United Kingdom.

How to Remove Boaxxe.dll Trojan

Method 1

Run antivirus and anti-spyware programs. Boaxxe can be a very stubborn file to remove. Some antivirus and anti-spyware programs may inform the user that the Trojan has been removed when in fact the infection still exists.

Choose your antivirus and anti-spyware products carefully. They should be powerful enough to deal with even stubborn infections but light enough not to bog your system down.

Keep your security software updated at all times. Malware authors design their creations to avoid detection and deletion by anti-spyware and antivirus programs. Whenever a new threat comes along, antivirus and anti-spyware vendors update their virus definition databases. These updates identify new threats and provide the means to fight them.

Method 2

  • Scan your machine using your antivirus and anti-spyware programs.
  • If a boaxxe file cannot be deleted because the file is write protected, then disable System Restore.
  • Reboot your PC.

Method 3

Run a full scan in Safe Mode.

Method 4

  1. Go to C:\Windows\Servicepack\i386\.
  2. Locate explorer.exe.
  3. Copy explorer.exe.
  4. Go to C:\Windows.
  5. Locate explorer.exe.
  6. Rename explorer.exe to explorer.exe.old.
  7. Paste the explorer.exe you copied earlier into the folder.
  8. Open Task Manager by pressing Ctrl+Alt+Del.
  9. Click on the Processes tab.
  10. Locate explorer.exe.
  11. End the process.
  12. Open up Task Manager again.
  13. Click on File and then click on New Task.
  14. Enter explorer.exe.
  15. Click on Start and go to Run.
  16. Enter msconfig.
  17. Boaxxe.dll adds two Startup entries. In the Startup tab, look for playdelnsy.dll or ydaliekjyu.dll. The spelling may not be exactly the same. Essentially, look for the entries that do not really spell anything or make sense.
  18. Write down these two files.
  19. Uncheck both of them.
  20. Reboot your PC.
  21. Scan with a registry cleaner.
  22. Delete playdelnsy.dll and ydaliekjyu.dll from C:\Windows\Windows 32\.
  23. Run a full virus scan.


Method 5

  • Boot in Safe Mode.
  • Search for boaxxe files.
  • Delete all entries that you find.