Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I Think I Got Hacked


  • This topic is locked This topic is locked

#1
CycloneGU

CycloneGU

    Member

  • Member
  • PipPip
  • 47 posts
(Oops...can we move this to Windows Vista?)

On Friday, I saw my computer doing something weird and eventually had to pull the plug to reboot it (this one's a laptop with no current working battery). When I rebooted, I started getting the error ODBC32.dll is not designed to run on this computer. I eventually determined msnmsgr.exe (Windows Live Messenger, working fine until my reboot) was the trigger and quit the process to stop generating the endless error.

Later, I attempted to run iTunes and got the same error (only once tho, followed by a prompt to reinstall iTunes). I later tried to use Paint - the basic no-added-feature utility PAINT, from the Accessories folder - and it gave the same error! Later, I looked at System Restore points to find a "language pack removed" restore point from the approximate time and date I originally encountered my issue with the laptop acting stupid. I spent 24 hours or so backing up files, and today tried to run the System Restore. It's gone; the only thing there is three system-generated checkpoints from the last three days. I think a hacker not only uninstalled the language pack; he intentionally went in and deleted my System Restore points to make it impossible for me to undo his changes. :)

So my question now is simple. Do I just reformat the thing? Or can I still find the language pack to reinstall? I used to have a firewall but had to uninstall it because it gave me problems with Mozilla Firefox (it was included with the system...and it was Norton NEway, with expired virus-checker because I can't afford to buy protection on the verge of needing social assistance), so right now at the time the crap happened I had no immediate firewall except for a Windows firewall, which I hope wasn't disabled at the time. Other than this, though, what can I do to restore ODBC32.dll to working status since I am having trouble replacing the file? (I did download a clean copy.)

Cyclone

Edited by CycloneGU, 31 May 2010 - 02:01 PM.

  • 0

Advertisements


#2
Macboatmaster

Macboatmaster

    7k

  • Member
  • PipPipPipPipPipPipPipPip
  • 7,237 posts
There is certainly no need to worry about the cost of computer security and protection as there are many excellent free programs available, for instance Comodo Firewall is hard to beat..
Microsoft provide Microsoft Security Essentials free, continually updated and although many would say there are better anti-virus and spyware, it is not that bad, in fact in my opinion it is quite good.
Avast is also highly rated.
However the first thing is to establish if the computer has been infected by Malware.
Please go to the Self Help section of the Malware Forum and run the suggested programmes there, if you then need to post in that Forum and after a certified Malware removal advisor has given you a clean bill of health, you can then post back here if necessary.
  • 0

#3
CycloneGU

CycloneGU

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
I think if a language pack has been removed, there is a much bigger problem than malware. Is there a way to determine as to what caused the language pack to be removed? I'm familiar with the other section - I have an extremely old case there from an old(er) PC.

Cyclone
  • 0

#4
Macboatmaster

Macboatmaster

    7k

  • Member
  • PipPipPipPipPipPipPipPip
  • 7,237 posts
There may well be other problems, it MAY not be Malware, but the advice I gave is the still the best advice I can offer, apart from back everything up if possible to a stand alone drive
  • 0

#5
rshaffer61

rshaffer61

    Moderator

  • Moderator
  • 34,114 posts
Try sfc /scannow, chkdsk /r or a Repair Installation
In any case if you suspect you were hacked you may be infected and I suggest you go to the Malware Removal and Spyware Removal Forum and run all the steps located in the
START HERE. These self-help tools will help you clean up 70% of problems on your own.
If you are still having problems after doing the steps, then please post the reguested logs in THAT forum.
If you are unable to run any of the tools then start a new topic in the malware forum and put this in the subject line...I am unable to run any malware tools

If you are still having problems after being given a clean bill of health from the malware expert, then please return to THIS thread and we will pursue other options to help you solve your current problem(s).

Add a link to this topic so that malware tech can see what steps have been taken here

Edited by rshaffer61, 31 May 2010 - 04:32 PM.

  • 0

#6
CycloneGU

CycloneGU

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Indeed, my chief concern is that some of the tools there may very well not run if they require that DLL. I'll play with it 2morrow perhaps, I have business in the morning and finding a job is still my own top priority.

Cyclone
  • 0

#7
Macboatmaster

Macboatmaster

    7k

  • Member
  • PipPipPipPipPipPipPipPip
  • 7,237 posts
Basically the same advice I gave you on my post 2.
In case you are infected I strongly recommend you follow the advice from me and later from RShaffer61.

Edited by Macboatmaster, 01 June 2010 - 04:15 PM.

  • 0

#8
CycloneGU

CycloneGU

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Okie...I just tried running MSConfig and it's refusing to let me run it, citing the same ODBC32.dll error. I did get a HiJackThis scan through, but I can't see anything suspicious on it. I'm about ready to just use the RECOVERY partition - it seems like it would be quicker after I save a list of programs that I have so I don't forget them when I start up again.

So here is my question, prior to posting in the malware forum. Is there a safe way to replace the ODBC32.dll file, which is apparently already in use by Windows when I get in? Is it replacable in Safe Mode, and how (other than shutting down improperly and rebooting) do I access it? I'm thinking that might solve a lot of my problems from the get-go, then I can do malware checks properly. I've already run RegistryBooster and cleared some 200+ errors.

One final note: for some reason, while the access method is unchanged, my files folder is displayed as "I". Kinda odd...

Cyclone

Edited by CycloneGU, 11 June 2010 - 06:05 PM.

  • 0

#9
rshaffer61

rshaffer61

    Moderator

  • Moderator
  • 34,114 posts

I've already run RegistryBooster and cleared some 200+ errors.

We never advise to use these tools as they seem to cause more problems then they fix. This may be the root of all your issues.
Please follow the malware suggestion we have given. Once they have declared you healthy then return to this topic if there is still any lingering issues.
  • 0

#10
CycloneGU

CycloneGU

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Actually, the problem occurred before I tried RegistryBooster. I didn't do anything at all until I found the ODBC32.dll error. That was the first error I had, and I found the problem with msconfig.exe as I was starting to look into the Malware section.

I've been poking around the Malware area here lately.

EDIT: Turns out I removed a virus I didn't know I had using the Microsoft thing in Step 2. But other than that, the recommended tools did nothing, and ODBC32.dll is still causing problems. I cannot run MSConfig until it's fixed and working...so anyone have a working procedure to repair this file? I found an application that claims it can fix it, but it's a product one must buy or find a working serial for.

Cyclone

Edited by CycloneGU, 11 June 2010 - 08:37 PM.

  • 0

Advertisements


#11
rshaffer61

rshaffer61

    Moderator

  • Moderator
  • 34,114 posts
Again these sites claiming they can fix it and want to charge for it are not worth it.
Do you have a XP installation disk?
You have provided no information on your system so we can't determine the course of action to take.
Is this a brand name system and if so what make and model?
If custom built what is the make and model of the motherboard?
Since this occurs on startup then the firsts step is to try and fix the System File Checker using the instructions below.

Go Start and then to Run ("Start Search" in Vista),
Type in: sfc /scannow
Click OK (Enter in Vista).
Have Windows CD/DVD handy.
If System File Checker (sfc) finds any errors, it may ask you for the CD/DVD.
If sfc does not find any errors in Windows XP, it will simply quit, without any message.
In Vista you will receive the following message: "Windows resource protection did not find any integrity violations".

For Vista users ONLY: Navigate to C:\Windows\Logs\CBS folder. You'll see CBS.log file.
Usually, it's pretty big file, so upload it to Flyupload, and post download link.


If you don't have Windows CD....
This applies mostly to Windows XP, since Vista rarely requires use of its DVD while running "sfc"
Note This method will not necessarily work as well, as when using Windows CD, because not always ALL system files are backed up on your hard drive. Also, backed up files may be corrupted as well.

Go Start and then Run
type in regedit and click OK


Navigate to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup

You will see various entries Values on the right hand side.

The one we want is called: SourcePath

It probably has an entry pointing to your CD-ROM drive, usually D and that is why it is asking for the XP CD.
All we need to do is change it to: C:
Now, double click the SourcePatch setting and a new box will pop up.
Change the drive letter from your CD drive to your root drive, usually C:
Close Registry Editor.

Now restart your computer and try sfc /scannow again!


Thanks to Broni for the instructions
  • 0

#12
CycloneGU

CycloneGU

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
I indicated that I'm on Vista. As for specs...which specs would you need? It's a brand name HP 1008-ca model from August, 2008.

Also, I tried the sfc /scannow earlier directly from the command prompt. It told me I'm not logged in as an admin. Which is funny - I AM the admin. but it's not recognizing it in the command prompt. I was hoping that would solve my problem immediately, but it's not working. I wonder if whatever changed my folder display name to "I" (it still shows my actual name in the path) might be to blame. Meanwhile, if I do it from the Start Menu in the search box, it command prompts it and closes immediately, probably the same error. So that's not working.

I cannot open the CBS file. Access is denied (at least in Notepad...too big for it?).

Cyclone

Edited by CycloneGU, 11 June 2010 - 11:33 PM.

  • 0

#13
rshaffer61

rshaffer61

    Moderator

  • Moderator
  • 34,114 posts
How to Open Elevated Command Prompt in Windows 7
Method 1: Manual

1. Click on Windows 7 Start Button

2. Go to All Programs-> Accessories

3. Now right on Command Prompt and select “Run as Administrator” from context menu.

4. This should bring elevated command prompt mode with full Administrators rights.
Method 2: Search Bar

1. Click on Start and type CMD in search bar

2. Now press Ctrl+Shift+Enter

3. This should bring elevated command prompt with full Administrators rights.

Once you get one of the above to run as administrator then follow the sfc instructions. The instructions are written for both XXP and Vista users.
  • 0

#14
CycloneGU

CycloneGU

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
All right. That worked. However, it said that "some problems could not be fixed" (however they worded it).

This was after rebooting with 32 installed updates. Problem didn't go away then either. However, Service Pack 2 is now sitting here waiting to be installed (I thought I was on SP2, guess it never went in). I'm using the system right now and thus am not installing it yet, but expect to be away later and plan to install during that time. Should I attempt something else in the meantime?

Also, I can update the problem list. These files and applications ALL have problems with ODBC32.dll:

sttray.exe
BrMfcWnd.exe (something with a printer software I don't use now)
BrccMCtl.exe (same printer)
IDT PC Audio (may be one of those)
msnmsgr.exe (MSN Messenger)
iTunes
Windows Paint
msconfig.exe

Further, I get this window coming up when I load Windows (the Problems and Solutions application):

"There was a problem with Windows that caused it to stop working correctly. Your computer might be missing updates that can help improve its stability and security."

Of course I just installed updates...maybe SP2-related updates will show up after I install SP2...

Finally, a window tried to come up yet again today claiming "There is no boot disc." This window cannot be exited, and Alt-Tab does not remove it (the taskbar vanishes under it, too). This is the only reason I think it's Malware; without this, something could have been installing or uninstalling and accidentally aborted.

Also, if I forgot to mention it...I never got to try System Restore as the restore point became invalid after a day for some reason. A language pack was shown removed as the reason for the restore point. That's the first time the funny window in the prior paragraph started to show up, incidentally.

EDIT: I have since rebooted three times. GMER starts a scan, then freezes everything, forcing manual shutdown. Since then, my system has started to perform more slowly. I am now considering the possibility that the malware is disguised as odbc32.dll; the one I've downloaded is roughly HALF the size of the one currently in the folder. If it's disguised malware, removing it clears my problem immediately and I can start checking everything else; otherwise, GMER will continue to freeze me. I will try OTL right now and update in that forum.

THE LATEST: It just happened while I was using the laptop! Suddenly the screen went black, and it "rebooted"...to tell me there was no boot disc! I forced the power off, and back on...and it loaded normally! Something is coming up that is maliciously trying to tell me I have to reformat (which at this point looks pretty feasible). What do we know of here that does that? It's definitely malware, and my OTL log is in the malware forum right now. I'll be installing SP2 as I leave for a trip somewhere else...but I'm worried the fake bootup will just happen again as I try to install, so this might be a bad idea.

Cyclone

Edited by CycloneGU, 12 June 2010 - 02:24 PM.

  • 0

#15
rshaffer61

rshaffer61

    Moderator

  • Moderator
  • 34,114 posts
I suggest seeing the malware topic through to make sure about any infection hiding itself.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP