Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Strange behavior after malware removal--I don't think it's all


  • Please log in to reply

#1
tvanhorne

tvanhorne

    Member

  • Member
  • PipPip
  • 12 posts
Can anyone give me some advice on this? I downloaded and ran infected software and got the PAK_Generic.001 virus on my machine. I managed to delete the infected files by running antivirus software in safe mode, but when I ran in standard mode my spyware, virus, and firewall software was being disabled, windows update couldn't connect, and my internet connection was disabled due to a winsock error.

When I went back yesterday to work on the problem all of my software seems to be running fine ... except that windows update still won't update (error number 0x80072EFD, firewalls are blocking access. I have added the update websites to my trusted zones (the only suggestion recommended) but I still get this error.) and powrprof.dll is running every few seconds on my machine (seen in Spyware Terminator's realtime list). When I first got the virus, powrprof.dll, avicap32.dll, and msvfw32.dll all ran very frequently; now the latter two have stopped but powrprof.dll is still running a lot. When I go to my power management settings I am not able to change them--they're greyed out--perhaps the dll has been changed/corrupted?

Any thoughts on what's causing this or what I should do to correct it?

Thanks!
  • 0

Advertisements


#2
Ztruker

Ztruker

    Member 5k

  • Technician
  • 7,065 posts
I think your computer is still infected. Read through this area, see if you can Cleanup Your System. This takes care of the many of the problems without further action by the Malware Gurus on this site.

If this doesn't do it, post a HijackThis log HERE. Make sure you read the You Must Read This Before Posting A Hijackthis Log article before posting.

Please be patient as the malware removal experts are extremely busy and it can take 1 to 3 days for them to get to you.
  • 0

#3
tvanhorne

tvanhorne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thanks Ztrukr! Actually, I've been through that process--it's what got me here. Here's the link to the original thread.

http://www.geekstogo...us-t181081.html

My various logs appeared clean, so I was recommended to post in this forum...

What do you think?

Thanks!
  • 0

#4
Ztruker

Ztruker

    Member 5k

  • Technician
  • 7,065 posts
Ah, okay, read through the thread on the malware forum. You've had an interesting time :)

I did a Google search for 0x80072EFD and got quite a few hits. I'm guessing you did the same, but did you see this one? http://www.updatexp....0x80072efd.html
  • 0

#5
tvanhorne

tvanhorne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hey Ztruker, thanks--I did a DNS flush and it seemed to solve my problem.

I successfully updated Windows via Internet Explorer... the only update waiting for me was a security patch for IE7. After I installed it, the update that my taskbar was telling me to install disappeared. This indicates to me that the update that my taskbar tool was telling me to install was not a real Windows update file, and that the update manager itself has been compromised. When I first got the virus, other "updates" appeared despite my not being connected to the internet. So it seems logical that the update manager is broken...

Everything else still seems clean, but my power profile is not working and powrprof.dll is executing every few seconds....

Also, the other day when I ran Decker's System Scanner it told me that my Comodo Firewall was disabled, even though it seemed to be working. When I run DSS now it only gives me the main.txt, not the extras.txt, so I can't seem to check this.

What should I do now?
  • 0

#6
Ztruker

Ztruker

    Member 5k

  • Technician
  • 7,065 posts
You could try reinstall Windows Installer 3.1, see if that helps:

http://www.microsoft...;displaylang=en
  • 0

#7
tvanhorne

tvanhorne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hmmm ... I tried that but I still have to do a DNS flush and restart in order to connect. I need to find the dlls that have been corrupted and fix them, but spyware and antivirus aren't helping. Blacklight says it's not a rootkit. How would I search for and repair bad dlls?
  • 0

#8
Ztruker

Ztruker

    Member 5k

  • Technician
  • 7,065 posts
Click on Start then Run, type sfc /scannow and press Enter. See here for info: http://support.microsoft.com/kb/310747

Otherwise, do a Repair Install. How to do a Repair Install
  • 0

#9
tvanhorne

tvanhorne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I tried the scannow, but my powrprof.dll still seems to be corrupted. I'll try the repair install, but I have to wait a week or two to get a new DVD drive! I don't need to back anything up ... I may as well just wipe the machine at this point, I think.

THanks for the help so far. I'll post again in a few if I need to.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP