How to remove WinCtrl32.dll, WLCtrl32.dll, WinNt32.dll, WinNt64.dll with CESAM Anti-Malware

Lately we have received a lot of different modifications of WinCtrl32.dll, WinNt32.dll, WinNt64.dll from our users, complaining that their antivirus software can't overcome them.

This malware is being detected by antivirus software as Trojan-Downloader.Win32.Mutant, Trojan.Mutant, Cutwail, Wigon, Mnless, Trojan.Pandex etc.

1. Go to Settings in the top toolbar and check that Disable objects using the driver is set to Always

2. Now scroll through the list of objects, displayed by CESAM Anti-Malware, and find the following:

Drivers section:
All drivers, hilighted with blue, randomly-named as Xxx11 (three any letters + two random numbers).
For example: Pmc80.sys, Quk54.sys, Vux14.sys, Feu72.sys, Hcv32.sys, Luc64.sys, Dsd06.sys, Blk66.sys.
Also, check for presense of driver WINDOWS\system32\Drivers\tcpsr.sys

Logon section:
Also, it is possible that in the following key you will find the installer of the virus (it's presense depends on the way your computer had been infected):
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
advap32 - C:\DOCUME~1\username\LOCALS~1\Temp\??????.exe

If you aren't sure which files to select, use the Online Scanner function.

3. Disable all found components of the virus by unchecking the checkbox near them, then press Apply

4. A confirmation window with the list of objects to be disabled will appear, then you will be prompted to reboot the computer.

After your computer has restarted, the virus is not active.

1. Start CESAM Anti-Malware again - you will see that the objects have been disabled.

2. Go to Settings and set Disable objects using the driver to For undeletable objects only.

3. Delete the disabled files of the virus (they are not active now). Or scan the whole drive with your antivirus software.

4. Then use the Delete from storage function for removing the disabled objects from the list that CESAM Anti-Malware displays.

If you still have any questions - welcome to our forum