Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Strange behavior after malware removal--I don't think it's all

Started by tvanhorne , Jan 06 2008 05:05 PM

  • Please log in to reply

#1
tvanhorne
Posted 06 January 2008 - 05:05 PM

tvanhorne

    Member

  • Member
  • PipPip
  • 12 posts
Can anyone give me some advice on this? I downloaded and ran infected software and got the PAK_Generic.001 virus on my machine. I managed to delete the infected files by running antivirus software in safe mode, but when I ran in standard mode my spyware, virus, and firewall software was being disabled, windows update couldn't connect, and my internet connection was disabled due to a winsock error.

When I went back yesterday to work on the problem all of my software seems to be running fine ... except that windows update still won't update (error number 0x80072EFD, firewalls are blocking access. I have added the update websites to my trusted zones (the only suggestion recommended) but I still get this error.) and powrprof.dll is running every few seconds on my machine (seen in Spyware Terminator's realtime list). When I first got the virus, powrprof.dll, avicap32.dll, and msvfw32.dll all ran very frequently; now the latter two have stopped but powrprof.dll is still running a lot. When I go to my power management settings I am not able to change them--they're greyed out--perhaps the dll has been changed/corrupted?

Any thoughts on what's causing this or what I should do to correct it?

Thanks!
  • 0

Advertisements

#2
Ztruker
Posted 06 January 2008 - 09:18 PM

Ztruker

    Member 5k

  • Technician
  • 7,091 posts
I think your computer is still infected. Read through this area, see if you can Cleanup Your System. This takes care of the many of the problems without further action by the Malware Gurus on this site.

If this doesn't do it, post a HijackThis log HERE. Make sure you read the You Must Read This Before Posting A Hijackthis Log article before posting.

Please be patient as the malware removal experts are extremely busy and it can take 1 to 3 days for them to get to you.
  • 0

#3
tvanhorne
Posted 06 January 2008 - 09:23 PM

tvanhorne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thanks Ztrukr! Actually, I've been through that process--it's what got me here. Here's the link to the original thread.

http://www.geekstogo...us-t181081.html

My various logs appeared clean, so I was recommended to post in this forum...

What do you think?

Thanks!
  • 0

#4
Ztruker
Posted 06 January 2008 - 10:02 PM

Ztruker

    Member 5k

  • Technician
  • 7,091 posts
Ah, okay, read through the thread on the malware forum. You've had an interesting time :)

I did a Google search for 0x80072EFD and got quite a few hits. I'm guessing you did the same, but did you see this one? http://www.updatexp....0x80072efd.html
  • 0

#5
tvanhorne
Posted 07 January 2008 - 11:20 PM

tvanhorne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hey Ztruker, thanks--I did a DNS flush and it seemed to solve my problem.

I successfully updated Windows via Internet Explorer... the only update waiting for me was a security patch for IE7. After I installed it, the update that my taskbar was telling me to install disappeared. This indicates to me that the update that my taskbar tool was telling me to install was not a real Windows update file, and that the update manager itself has been compromised. When I first got the virus, other "updates" appeared despite my not being connected to the internet. So it seems logical that the update manager is broken...

Everything else still seems clean, but my power profile is not working and powrprof.dll is executing every few seconds....

Also, the other day when I ran Decker's System Scanner it told me that my Comodo Firewall was disabled, even though it seemed to be working. When I run DSS now it only gives me the main.txt, not the extras.txt, so I can't seem to check this.

What should I do now?
  • 0

#6
Ztruker
Posted 08 January 2008 - 07:29 PM

Ztruker

    Member 5k

  • Technician
  • 7,091 posts
You could try reinstall Windows Installer 3.1, see if that helps:

http://www.microsoft...;displaylang=en
  • 0

#7
tvanhorne
Posted 08 January 2008 - 11:36 PM

tvanhorne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hmmm ... I tried that but I still have to do a DNS flush and restart in order to connect. I need to find the dlls that have been corrupted and fix them, but spyware and antivirus aren't helping. Blacklight says it's not a rootkit. How would I search for and repair bad dlls?
  • 0

#8
Ztruker
Posted 09 January 2008 - 05:03 PM

Ztruker

    Member 5k

  • Technician
  • 7,091 posts
Click on Start then Run, type sfc /scannow and press Enter. See here for info: http://support.microsoft.com/kb/310747

Otherwise, do a Repair Install. How to do a Repair Install
  • 0

#9
tvanhorne
Posted 11 January 2008 - 02:14 AM

tvanhorne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I tried the scannow, but my powrprof.dll still seems to be corrupted. I'll try the repair install, but I have to wait a week or two to get a new DVD drive! I don't need to back anything up ... I may as well just wipe the machine at this point, I think.

THanks for the help so far. I'll post again in a few if I need to.
  • 0
Back to Windows XP, 2000, 2003, NT · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Windows XP, 2000, 2003, NT

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP