
Two rundll32.exe processes [Solved]


  • This topic is locked This topic is locked

#31
Aravinth

    Member

  • Topic Starter
  • Member
  • 36 posts
Hi handhfan,


The PC is as good as new now .. :) thank you for your patience in guiding me through these steps. Let me know if there is anything fishy still in my PC :) Thanks again.
  • 0



#32
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\System32\windows.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

  • 0

#33
Aravinth

    Member

  • Topic Starter
  • Member
  • 36 posts
Hi Handhfan,


VirSCAN.org Scanned Report :
Scanned time : 2009/04/20 15:17:36 (AST)
Scanner results: All Scanners reported not find malware!
File Name : windows.exe
File Size : 679936 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 335fb5b236227217e54269fa85a1b27d
SHA1 : 6f9bf9be6503e4e6db3639be1e07cd8c5f416e4c
Online report : http://virscan.org/r...ab745ae73b.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090420083245 2009-04-20 5.78 -
AhnLab V3 2009.04.20.01 2009.04.20 2009-04-20 0.00 -
AntiVir 7.9.0.148 7.1.3.77 2009-04-20 0.00 -
Antiy 2.0.18 20090420.2314848 2009-04-20 0.00 -
Arcavir 2009 200904201018 2009-04-20 0.00 -
Authentium 5.1.1 200904191447 2009-04-19 0.00 -
AVAST! 3.0.1 090419-0 2009-04-19 0.00 -
AVG 7.5.52.442 270.12.0/2068 2009-04-19 0.00 -
BitDefender 7.81008.2849437 7.24901 2009-04-20 0.00 -
CA (VET) 9.0.0.143 31.6.6435 2009-04-14 0.00 -
ClamAV 0.95 9258 2009-04-20 0.00 -
Comodo 3.8 1121 2009-04-19 0.00 -
CP Secure 1.1.0.715 2009.04.18 2009-04-18 0.00 -
Dr.Web 4.44.0.9170 2009.04.20 2009-04-20 0.00 -
F-Prot 4.4.4.56 20090419 2009-04-19 0.00 -
F-Secure 5.51.6100 2009.04.20.06 2009-04-20 0.00 -
Fortinet 2.81-3.117 10.300 2009-04-20 0.00 -
GData 19.4758/19.304 20090420 2009-04-20 0.00 -
ViRobot 20090417 2009.04.17 2009-04-17 0.00 -
Ikarus T3.1.01.49 2009.04.20.72605 2009-04-20 0.00 -
JiangMin 11.0.706 2009.04.20 2009-04-20 0.00 -
Kaspersky 5.5.10 2009.04.20 2009-04-20 0.00 -
KingSoft 2009.2.5.15 2009.4.20.14 2009-04-20 0.00 -
McAfee 5.3.00 5589 2009-04-19 0.00 -
Microsoft 1.4502 2009.04.20 2009-04-20 0.00 -
mks_vir 2.01 2009.04.20 2009-04-20 0.00 -
Norman 6.00.06 6.00.00 2009-04-17 0.00 -
Panda 9.05.01 2009.04.18 2009-04-18 0.00 -
Trend Micro 8.700-1004 5.976.05 2009-04-20 0.00 -
Quick Heal 10.00 2009.04.20 2009-04-20 0.00 -
Rising 20.0 21.26.03.00 2009-04-20 0.00 -
Sophos 2.85.0 4.40 2009-04-20 0.00 -
Sunbelt 5101 5101 2009-04-18 0.00 -
Symantec 1.3.0.24 20090419.005 2009-04-19 0.00 -
nProtect 20090420.01 3484151 2009-04-20 0.00 -
The Hacker 6.3.4.0 v00309 2009-04-15 0.00 -
VBA32 3.12.10.2 20090420.0645 2009-04-20 0.00 -
VirusBuster 4.5.11.10 10.104.3/1260430 2009-04-19 0.00 -
  • 0
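As an added example (not code from this thread or from VirSCAN.org), the script below parses a VirSCAN text report of the shape posted above and checks the MD5/SHA1/size it reports against a locally computed hash, which is the sanity check that confirms the report really describes the file on disk before anyone acts on it. The report layout it assumes (one "Field : value" line per header field, then one row per scanner ending in date, scan time and a result column where "-" means no detection) is taken from the post; the function names are this example's own, and the sample input is a trimmed copy of the posted report.

```python
"""Parse a VirSCAN.org text report and compare it with a local file's hashes."""
import hashlib
import re

# Sample input: header lines and a few scanner rows copied from the report
# posted in this thread (all scanners reported the file clean).
SAMPLE_REPORT = """\
Scanned time : 2009/04/20 15:17:36 (AST)
Scanner results: All Scanners reported not find malware!
File Name : windows.exe
File Size : 679936 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 335fb5b236227217e54269fa85a1b27d
SHA1 : 6f9bf9be6503e4e6db3639be1e07cd8c5f416e4c

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090420083245 2009-04-20 5.78 -
CA (VET) 9.0.0.143 31.6.6435 2009-04-14 0.00 -
Kaspersky 5.5.10 2009.04.20 2009-04-20 0.00 -
Trend Micro 8.700-1004 5.976.05 2009-04-20 0.00 -
"""

# One scanner row: a (possibly multi-word) scanner name, engine and signature
# versions, an ISO date, the scan time in seconds and the result column.
ROW_RE = re.compile(
    r"^(?P<scanner>.+?) (?P<engine>\S+) (?P<sig>\S+) "
    r"(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d+\.\d+) (?P<result>.+)$"
)
# Header line such as "MD5 : 335fb5..." or "Scanner results: All ...".
KV_RE = re.compile(r"^(?P<field>[A-Za-z0-9 ]+?)\s*:\s*(?P<value>.*)$")


def parse_row(line):
    """Return one scanner row as a dict (with a 'detected' flag), or None."""
    m = ROW_RE.match(line)
    if not m:
        return None
    row = m.groupdict()
    row["detected"] = row["result"] != "-"
    return row


def parse_report(text):
    """Split the report into header fields and per-scanner rows."""
    report = {"fields": {}, "rows": []}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        row = parse_row(line)          # try the row shape first: rows have no colon
        if row:
            report["rows"].append(row)
            continue
        kv = KV_RE.match(line)
        if kv:
            report["fields"][kv["field"].strip()] = kv["value"].strip()
    return report


def detection_count(report):
    """Number of scanners whose result column is something other than '-'."""
    return sum(1 for r in report["rows"] if r["detected"])


def hashes_of_bytes(data):
    """MD5, SHA1 and size of an in-memory blob, in the report's lowercase hex form."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "size": len(data),
    }


def file_hashes(path):
    """Hash a file on disk the same way, so it can be compared with a report."""
    with open(path, "rb") as fh:
        return hashes_of_bytes(fh.read())


def report_matches(report, hashes):
    """True only when MD5, SHA1 and size in the report all match the local file."""
    f = report["fields"]
    size = int(f.get("File Size", "0").split()[0])
    return (f.get("MD5", "").lower() == hashes["md5"]
            and f.get("SHA1", "").lower() == hashes["sha1"]
            and size == hashes["size"])


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print(f"{rep['fields']['File Name']}: {detection_count(rep)} of "
          f"{len(rep['rows'])} scanners flagged it")
    # On the affected machine this would be file_hashes(r"C:\WINDOWS\System32\windows.exe");
    # here a constructed byte string stands in and, as expected, does not match.
    print("report matches local bytes:",
          report_matches(rep, hashes_of_bytes(b"constructed stand-in")))
```

The size check matters as much as the digests: a report whose hashes match but whose size does not is a sign the wrong file (or a truncated copy) was uploaded, and a clean verdict on the wrong file says nothing about the one still on disk.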

#34
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
    O4 - HKCU..\Run: [Windows] "C:\Windows\System32\windows.exe" ()
    O33 - MountPoints2\{94407039-f861-11dd-968c-000138825422}\Shell\AutoRun\command - "" = SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
    O33 - MountPoints2\{94407039-f861-11dd-968c-000138825422}\Shell\open\command - "" = SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

  • 0
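As an added example (not code from this thread or from OTL's author), here is a small triage script for the kinds of OTL entries the fix script above targets. It parses O2 (BHO), O4 (Run key) and O33 (MountPoints2 autorun) lines and flags the ones a helper would look at first: a Run entry that starts a no-publisher executable inside System32, a removable-volume autorun handler that points at a drive-relative or SID-named path, and an orphaned BHO whose file is missing. The heuristics and severities are this example's own assumptions, not OTL's; the sample lines are the entries from the fix script plus one constructed benign Run entry (a Java updater) for contrast.

```python
"""Flag suspicious persistence entries in OTL (OTListIt2) log lines."""
import re
from dataclasses import dataclass

# Sample input: the O2/O4/O33 lines from the fix script in this thread, plus
# one constructed benign O4 line so the script has something it should NOT flag.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O4 - HKCU..\Run: [Windows] "C:\Windows\System32\windows.exe" ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O33 - MountPoints2\{94407039-f861-11dd-968c-000138825422}\Shell\AutoRun\command - "" = SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
O33 - MountPoints2\{94407039-f861-11dd-968c-000138825422}\Shell\open\command - "" = SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
"""

O2_RE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
                   r"(?P<cmd>.*) \((?P<publisher>[^()]*)\)$")
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\(?P<verb>\w+)'
                    r'\\command - "" = (?P<cmd>.*)$')
EXE_RE = re.compile(r'"?([^"]*?\.exe)"?', re.IGNORECASE)


@dataclass
class Finding:
    severity: str   # "low", "medium" or "high" (this example's own scale)
    tag: str        # OTL section: O2, O4 or O33
    reason: str
    line: str


def parse_line(line):
    """Return a dict describing one OTL entry, or None for lines not handled here."""
    m = O2_RE.match(line)
    if m:
        return {"tag": "O2", **m.groupdict(), "line": line}
    m = O4_RE.match(line)
    if m:
        d = {"tag": "O4", **m.groupdict(), "line": line}
        e = EXE_RE.search(d["cmd"])
        d["exe"] = e.group(1) if e else d["cmd"]   # strip quotes and arguments
        return d
    m = O33_RE.match(line)
    if m:
        return {"tag": "O33", **m.groupdict(), "line": line}
    return None


def assess(entry):
    """Apply the example's heuristics to one parsed entry."""
    tag = entry["tag"]
    if tag == "O2":
        # A BHO with no name whose file is gone is a leftover registration:
        # harmless now, but it should be removed so it stops showing up.
        if entry["name"] == "no name" and "File not found" in entry["path"]:
            return Finding("low", tag, f"orphaned BHO {entry['clsid']} points at a missing file", entry["line"])
        return None
    if tag == "O4":
        exe = entry["exe"]
        if entry["publisher"] == "":
            # OTL prints "()" when the file carries no company name. A nameless
            # file dropped into System32 under a generic name is the classic sign.
            if "\\system32\\" in exe.lower():
                return Finding("high", tag, f"Run entry [{entry['name']}] starts a no-publisher executable in System32: {exe}", entry["line"])
            return Finding("medium", tag, f"Run entry [{entry['name']}] starts an executable with no publisher: {exe}", entry["line"])
        return None
    if tag == "O33":
        cmd = entry["cmd"]
        # MountPoints2 caches the autorun.inf handlers of a removable volume.
        # A target without a drive letter resolves relative to that volume's
        # root, and a SID-named directory is a common place for such a copy.
        if "S-1-5-" in cmd or not re.match(r"^[A-Za-z]:\\", cmd):
            return Finding("high", tag, f"removable-volume {entry['verb']} handler runs {cmd}", entry["line"])
        return Finding("medium", tag, f"removable-volume {entry['verb']} handler set; review {cmd}", entry["line"])
    return None


def triage(log_text):
    """Parse every line and collect the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        entry = parse_line(line) if line else None
        if entry:
            finding = assess(entry)
            if finding:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.tag:3} {f.reason}")
```

The two O33 lines are why the fix script removes the whole MountPoints2 key for that volume GUID: both the AutoRun and the open verb were redirected, so double-clicking the drive in Explorer would have run the same file as inserting it.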

#35
Aravinth

    Member

  • Topic Starter
  • Member
  • 36 posts
========== OTLISTIT ==========
Process explorer.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows not found.
File "C:\Windows\System32\windows.exe" not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94407039-f861-11dd-968c-000138825422}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94407039-f861-11dd-968c-000138825422}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94407039-f861-11dd-968c-000138825422}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94407039-f861-11dd-968c-000138825422}\ not found.
File not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Ar@vinth\Local Settings\temp\etilqs_GZcZWO6l2eftOCwmACUT scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1d8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.7.0 log created on 04222009_230301

Files moved on Reboot...
File C:\Documents and Settings\Ar@vinth\Local Settings\temp\etilqs_GZcZWO6l2eftOCwmACUT not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_1d8.dat not found!
C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...
  • 0

#36
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Your logs look clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. If you have any questions or other problems, please let me know. Other than that, and the steps below, you should be all set. :)

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.

  • Make sure you have an Internet Connection.
  • Download OTCleanIt to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Please update Adobe Reader, by downloading and installing Adobe Reader 9.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard gives you realtime protection from spyware.
  • Super Antispyware OR Malwarebytes' Anti-Malware to help remove any spyware that may have gotten on your computer.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed.
  • Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see this article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

To keep your operating system up to date visit Microsoft Windows Update monthly. Remember to be aware of what emails you open and websites you visit.

Have a safe and happy computing day!
  • 0

#37
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
