Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Strangle DLL file found in memory.


  • Please log in to reply

#1
Purgatory

Purgatory

    Member

  • Member
  • PipPipPip
  • 102 posts
I was doing a routine virus scan on my system with NOD32 (up to date) and it found "tuvsrst.dll" in my system32 folder. Says this in the log.

"probably a variant of Win32/Genetik trojan found in operating memory. System memory infection originated from file C:\WINDOWS\system32\tuvsrst.dll."

I've tried google etc to try and find some info on it, but google doesn't yield any results. NOD32 says it will reboot and clean/delete it. But after the reboot it is still their.

Any help would be appreciated.

Thanks in advance.

[EDIT]
I found it it's attached to winlogon, explorer, and firefox it seems.. The file cannot be deleted what so ever.
How should I go about solving this problem?
Spybot says it's malware.

Edited by Purgatory, 13 March 2007 - 10:54 PM.

  • 0

Advertisements


#2
Fenor

Fenor

    Trusted Tech

  • Retired Staff
  • 5,236 posts
Hi Purgatory!

I suggest you go to the Malware Forum and run all the steps located in the START HERE. These self-help tools will help you clean up 70% of problems on your own. If you are still having problems after doing the steps, then please post a HiJackThis Log in THAT forum. If you are unable to run and/or post a HJT log, then post that in your initial post in the topic you create in that forum.

Fenor
  • 0

#3
happyrock

happyrock

    Tech Moderator

  • Retired Staff
  • 9,285 posts
I blielve you have a Vundo infection...you can start here...and when you get done and IF you are still having problems then post a hijackthis log here

Edited by happyrck, 14 March 2007 - 09:04 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP