
can't run applications from Malware/Spyware cleaning Guide



#1
jjjoseph

As mentioned previously, I had an issue with the IS 2010 Security malware/spyware. Using the RKILL.com and Malwarebytes applications, that got rid of that issue.

But now, as I try to run the applications and follow the instructions from the Malware/Spyware Cleaning Guide, I am having issues.

I am able to run TFC to completion, and the PC restarts. On finishing the restart, I am now getting two warning banners about two .dll files that can't be loaded.

The first RUNDLL warning banner that pops up is: "error loading fatopoe.dll" the specified module could not be found.

Followed shortly by another RUNDLL warning: "Error loading c:\documen~1\NETWOR~1\ntload.dll the specified module could not be found."

So, I hit "OK" to move on, and things look ok.

So, then I tried to execute the "System Restore" step. I had downloaded it directly to the desktop; when I double-click to run it, I get the "publisher could not be verified" banner, so I choose to "run". When I do, I get another warning banner, ".NET Framework Initialization Error"; the content line shows: "C:\windows\microsoft.net\Framework\v2.0.5072\mscorwks.dll could not be loaded".

So, then I went ahead and ran the "erunt" utility, and that ran fine.

Then I moved on to Rootkill, since I already ran "malaware" previously.

Rootkill was launched from the desktop; it put up a banner that it was initializing, and the application seemed to freeze. No update, status, notices or anything.

So, I figured OK, go ahead and capture the OTL log. When I pasted the information into the Custom Scan Log as stated and ran the quick scan, the application started and updated the status at the bottom, until it seemed to freeze at "Scanning NetSvcs Setting...."

In addition, I did start the Kaspersky scan, and stopped it after it ran for over 10 hours, but the following is what was captured:
------------------------------------------------------------------------
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, December 16, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, December 16, 2009 13:54:30
Records in database: 3378309
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Objects scanned: 202503
Threats found: 10
Infected objects found: 21
Suspicious objects found: 0
Scan duration: 10:15:46


File name / Threat / Threats count
c:\documents and settings\all users\application data\adobe\sp.dll/c:\documents and settings\all users\application data\adobe\sp.dll Infected: Trojan-Proxy.Win32.Agent.byn 3
C:\Documents and Settings\Administrator.JOSEPH_MAIN_PC\My Documents\JJJoseph\jjjoseph\receive\NewSpy.exe Infected: not-a-virus:Monitor.Win32.RealSpy.b 1
C:\Documents and Settings\Administrator.JOSEPH_MAIN_PC\My Documents\JJJoseph\jjjoseph\receive\NewSpy.exe Infected: not-a-virus:Monitor.Win32.RealSpy.a 1
C:\Documents and Settings\All Users\Application Data\Adobe\sp.DLL Infected: Trojan-Proxy.Win32.Agent.byn 1
C:\Documents and Settings\Default User\My Documents\JJJoseph\jjjoseph\receive\kmd202.exe Infected: Trojan-Downloader.Win32.VB.kxl 1
C:\Documents and Settings\Default User\My Documents\JJJoseph\jjjoseph\receive\NewSpy.exe Infected: not-a-virus:Monitor.Win32.RealSpy.b 1
C:\Documents and Settings\Default User\My Documents\JJJoseph\jjjoseph\receive\NewSpy.exe Infected: not-a-virus:Monitor.Win32.RealSpy.a 1
C:\Documents and Settings\Owner\Local Settings\temp\B1.tmp Infected: Trojan.Win32.Cosmu.ebn 1
C:\Documents and Settings\Owner\My Documents\JJJoseph\jjjoseph\receive\kmd202.exe Infected: Trojan-Downloader.Win32.VB.kxl 1
C:\Documents and Settings\Owner\My Documents\JJJoseph\jjjoseph\receive\NewSpy.exe Infected: not-a-virus:Monitor.Win32.RealSpy.b 1
C:\Documents and Settings\Owner\My Documents\JJJoseph\jjjoseph\receive\NewSpy.exe Infected: not-a-virus:Monitor.Win32.RealSpy.a 1
C:\jujf.exe Infected: Trojan.Win32.Koblu.bld 1
C:\Qoobox\Quarantine\C\WINDOWS\System.exe.vir Infected: Trojan.Win32.Buzus.cqwm 1
C:\WINDOWS\Downloaded Program Files\ForbesDownloader.ocx Infected: Trojan-Downloader.Win32.Genome.pzy 1
C:\WINDOWS\system32\config\systemprofile\My Documents\JJJoseph\jjjoseph\receive\kmd202.exe Infected: Trojan-Downloader.Win32.VB.kxl 1
C:\WINDOWS\system32\config\systemprofile\My Documents\JJJoseph\jjjoseph\receive\NewSpy.exe Infected: not-a-virus:Monitor.Win32.RealSpy.b 1
C:\WINDOWS\system32\config\systemprofile\My Documents\JJJoseph\jjjoseph\receive\NewSpy.exe Infected: not-a-virus:Monitor.Win32.RealSpy.a 1
C:\WINDOWS\system32\crt4.dll Infected: Backdoor.Win32.Delf.rxu 1
C:\WINDOWS\system32\lsm32.sys Infected: Trojan.Win32.VB.zjv 1

Scanning stopped by the user.
-----------------------------------------------------------------------


So, I would appreciate any assistance or recommendation as to the best way to proceed...

Thanks in advance..

JJJSLJ

Edited by jjjoseph, 16 December 2009 - 09:00 PM.
