 |  |  |  |  |  |  |  |
Where is my rundll32.exe?
 |
Hey,
I already posted this elsewhere but I think it's better to do it here (sorry, I'm new!)
I'm suddenly getting an error message "Windows cannot find rundll32.exe" when I try to open certain files. Can anyone give me some idea of why this happened and how I could fix it? I would appreciate it.
Thanks a lot,
Ben in Holland
I already posted this elsewhere but I think it's better to do it here (sorry, I'm new!)
I'm suddenly getting an error message "Windows cannot find rundll32.exe" when I try to open certain files. Can anyone give me some idea of why this happened and how I could fix it? I would appreciate it.
Thanks a lot,
Ben in Holland
•
•
Join Date: Aug 2003
Posts: 9,802
Reputation: 
Solved Threads: 514
The windows rundll32.exe,is in the c:\windows\system32 folder but there is also a Bad rundll32.exe created bu a virus ,but not put in the system folder,.Please follow instruction below.
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
This problem could occur because of Spyware , go on over to the Security section of this fourm and post you problem along with a hijackthis log .
Spyware & Trojans and Other Nasties
,,,,,,,,,,,,,,,,,,,,,,,,
Please Don't post the hijackthis log in this section Thanks .
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Please do this.
Download 'Hijack This!'. HijackThis
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".
Your copy of HijackThis needs to be in a folder of it's own. When HJT fixes anything, it makes backups of the original files in the folder it is in. Since Temporary folders are emptied now and then (the files are DELETED), it would not be a good idea to have your backups there. Those backups would be VITAL to restoring your system if something went wrong in the FIX process!
1. Please go to you're 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.
2. Copy and paste HijackThis.exe to the new folder.
3. Close ALL windows except HJT
4. SCAN with HJT
5. POST the new log in this thread using 'Add Reply'
DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO YOUR COMPUTER'S HEALTH
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
This problem could occur because of Spyware , go on over to the Security section of this fourm and post you problem along with a hijackthis log .
Spyware & Trojans and Other Nasties
,,,,,,,,,,,,,,,,,,,,,,,,
Please Don't post the hijackthis log in this section Thanks .
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Please do this.
Download 'Hijack This!'. HijackThis
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".
Your copy of HijackThis needs to be in a folder of it's own. When HJT fixes anything, it makes backups of the original files in the folder it is in. Since Temporary folders are emptied now and then (the files are DELETED), it would not be a good idea to have your backups there. Those backups would be VITAL to restoring your system if something went wrong in the FIX process!
1. Please go to you're 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.
2. Copy and paste HijackThis.exe to the new folder.
3. Close ALL windows except HJT
4. SCAN with HJT
5. POST the new log in this thread using 'Add Reply'
DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO YOUR COMPUTER'S HEALTH
Win7 whats it all about .
http://www.microsoft.com/canada/windows/windows-7/
Going with the Flow ,but the water is low and the rocks are big
http://www.microsoft.com/canada/windows/windows-7/
Going with the Flow ,but the water is low and the rocks are big
•
•
•
•
Originally Posted by caperjack
The windows rundll32.exe,is in the c:\windows\system32 folder but there is also a Bad rundll32.exe created bu a virus ,but not put in the system folder,.Please follow instruction below.
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
This problem could occur because of Spyware , go on over to the Security section of this fourm and post you problem along with a hijackthis log .
Spyware & Trojans and Other Nasties
,,,,,,,,,,,,,,,,,,,,,,,,
Please Don't post the hijackthis log in this section Thanks .
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Please do this.
Download 'Hijack This!'. HijackThis
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".
Your copy of HijackThis needs to be in a folder of it's own. When HJT fixes anything, it makes backups of the original files in the folder it is in. Since Temporary folders are emptied now and then (the files are DELETED), it would not be a good idea to have your backups there. Those backups would be VITAL to restoring your system if something went wrong in the FIX process!
1. Please go to you're 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.
2. Copy and paste HijackThis.exe to the new folder.
3. Close ALL windows except HJT
4. SCAN with HJT
5. POST the new log in this thread using 'Add Reply'
DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO YOUR COMPUTER'S HEALTH
Thanks so much for your willingness to help. Here's the log HJT came up with. I hope you'll be able to see what the problem is.
Thanks very much, Ben
Logfile of HijackThis v1.99.0
Scan saved at 22:53:04, on 18-12-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\IP INSIGHT\ARMON32A.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
C:\PROGRAM FILES\SYMANTEC\WINFAX\WFXCTL32.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS KEYBOARD\MEDIACTR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SYMANTEC\WINFAX\WFXMOD32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\IP INSIGHT\ARUPLD32.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.planet.nl/zoeken/ie5/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.lycos.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EASY ACCESS KEYBOARD] C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [AccessRampMonitor 01] "C:\PROGRAM FILES\IP INSIGHT\ARMon32a.exe"
O4 - HKCU\..\Run: [PImenu] C:\Program Files\PImenu\PImenu.exe
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDHTML_1026.dll,InstantAccess
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab
•
•
Join Date: Aug 2003
Posts: 9,802
Reputation:
Solved Threads: 514
Your copy of HijackThis needs to be in a folder of it's own. When HJT fixes anything, it makes backups of the original files in the folder it is in. Since Temporary folders are emptied now and then (the files are DELETED), it would not be a good idea to have your backups there. Those backups would be VITAL to restoring your system if something went wrong in the FIX process!
1. Please go to you're 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.
2. Copy and paste HijackThis.exe to the new folder.
3. Close ALL windows except HJT
4. SCAN with HJT
5. POST the new log in this thread using 'Add Reply'
DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO YOUR COMPUTER'S HEALTH
1. Please go to you're 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.
2. Copy and paste HijackThis.exe to the new folder.
3. Close ALL windows except HJT
4. SCAN with HJT
5. POST the new log in this thread using 'Add Reply'
DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO YOUR COMPUTER'S HEALTH
Win7 whats it all about .
http://www.microsoft.com/canada/windows/windows-7/
Going with the Flow ,but the water is low and the rocks are big
http://www.microsoft.com/canada/windows/windows-7/
Going with the Flow ,but the water is low and the rocks are big
•
•
Join Date: Aug 2003
Posts: 9,802
Reputation:
Solved Threads: 514
Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDHTML_1026.dll,InstantAccess
This next one optional ,but recomended as it a rescource hog
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab
reboot computer and post a new log
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDHTML_1026.dll,InstantAccess
This next one optional ,but recomended as it a rescource hog
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab
reboot computer and post a new log
Win7 whats it all about .
http://www.microsoft.com/canada/windows/windows-7/
Going with the Flow ,but the water is low and the rocks are big
http://www.microsoft.com/canada/windows/windows-7/
Going with the Flow ,but the water is low and the rocks are big
•
•
•
•
Originally Posted by caperjack
Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDHTML_1026.dll,InstantAccess
This next one optional ,but recomended as it a rescource hog
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab
reboot computer and post a new log
OK Caperjack,
You're a lifesaver. I've done as you advised. What do you make of this:
Logfile of HijackThis v1.99.0
Scan saved at 00:21:21, on 19-12-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\IP INSIGHT\ARMON32A.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\PIMENU\PIMENU.EXE
C:\PROGRAM FILES\SYMANTEC\WINFAX\WFXCTL32.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS KEYBOARD\MEDIACTR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SYMANTEC\WINFAX\WFXMOD32.EXE
C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.planet.nl/zoeken/ie5/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.lycos.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EASY ACCESS KEYBOARD] C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [AccessRampMonitor 01] "C:\PROGRAM FILES\IP INSIGHT\ARMon32a.exe"
O4 - HKCU\..\Run: [PImenu] C:\Program Files\PImenu\PImenu.exe
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
•
•
Join Date: Aug 2003
Posts: 9,802
Reputation:
Solved Threads: 514
look good now ,do you still get the orignal error message
Win7 whats it all about .
http://www.microsoft.com/canada/windows/windows-7/
Going with the Flow ,but the water is low and the rocks are big
http://www.microsoft.com/canada/windows/windows-7/
Going with the Flow ,but the water is low and the rocks are big
•
•
•
•
Originally Posted by caperjack
look good now ,do you still get the orignal error message
Yeah, I do. Here's a longer version: "Cannot find the file 'c:\windows\rundll32.exe' or one of its components. Make sure the path and filename are correct and that all required libraries are available." This is the same message I've been getting for a while. The file just seems to have vanished. It's not in my C:\WINDOWS\SYSTEM32 folder either, as far as I can tell. Any ideas?
•
•
Join Date: Aug 2003
Posts: 9,802
Reputation:
Solved Threads: 514
Download then unzip and run CWShredder to clean up clicking "FIX" to have it remove all it finds.
CWShredder available from these places :-
http://www.aluriasoftware.com/tools/cwshredder.zip
Or this as a full download without any unzipping required
http://www.downloads.subratam.org/CWShredder.exe
http://www.spywareinfo.com/downloads...CWShredder.exe
We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode.
To get to safe mode use the F8 key while booting the machine. Detailed instructions from here :-
http://service1.symantec.com/SUPPORT...01052409420406
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Finally if you are going to run both Spybot SD and Ad-Aware SE, leave the rescan with HijackThis until you have completed running both tools. If only running Spybot SD then RESCAN with HijackThis and POST your logfile in the same thread using ‘Add Reply’. Please do not attempt to fix anything in HijackThis yourself!
Scanning With Ad-Aware SE :
1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan
2.Close ALL windows except Ad-Aware SE
3. Click on the‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.
4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window
1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)
Under Definitions:
*Prompt to udate outdated definitions - set the number of days
2) Click on the ‘Scanning’ button on the left and select in green :
Under Driver, Folders & Files:
*Scan Within Archives
Under Select drives & folders to scan -
*choose all hard drives
Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file
3) Click on the ‘Advanced’ button on the left and select in green:
Under Shell Integration:
*Move deleted files to recycle bin
Under Logfile Detail Level: (all green)
*include addtional object information
*DESELECT - include negligible objects information
*include environment information
Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT
4) Click the ‘Tweak’ button and select in green:
Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only
Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot
Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check or make green: Include Module list in logfile
5. Click on ‘Proceed’ to save the settings.
6. Click ‘Start’
*Choose:'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.
7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.
8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window
9. Save the log file when it asks and then click ‘finish’
10. REBOOT to complete the removal of what Ad-Aware SE found
Finally after running both Spybot SD and Ad-Aware SE, RESCAN with HijackThis and POST your logfile in the same thread using ‘Add Reply’. Do not attempt to fix anything in HijackThis yourself!
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Please do this.
Download 'Hijack This!'. http://www.spywareinfo.com/~merijn/files/HijackThis.exe
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
CWShredder available from these places :-
http://www.aluriasoftware.com/tools/cwshredder.zip
Or this as a full download without any unzipping required
http://www.downloads.subratam.org/CWShredder.exe
http://www.spywareinfo.com/downloads...CWShredder.exe
We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode.
To get to safe mode use the F8 key while booting the machine. Detailed instructions from here :-
http://service1.symantec.com/SUPPORT...01052409420406
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Finally if you are going to run both Spybot SD and Ad-Aware SE, leave the rescan with HijackThis until you have completed running both tools. If only running Spybot SD then RESCAN with HijackThis and POST your logfile in the same thread using ‘Add Reply’. Please do not attempt to fix anything in HijackThis yourself!
Scanning With Ad-Aware SE :
1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan
2.Close ALL windows except Ad-Aware SE
3. Click on the‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.
4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window
1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)
Under Definitions:
*Prompt to udate outdated definitions - set the number of days
2) Click on the ‘Scanning’ button on the left and select in green :
Under Driver, Folders & Files:
*Scan Within Archives
Under Select drives & folders to scan -
*choose all hard drives
Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file
3) Click on the ‘Advanced’ button on the left and select in green:
Under Shell Integration:
*Move deleted files to recycle bin
Under Logfile Detail Level: (all green)
*include addtional object information
*DESELECT - include negligible objects information
*include environment information
Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT
4) Click the ‘Tweak’ button and select in green:
Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only
Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot
Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check or make green: Include Module list in logfile
5. Click on ‘Proceed’ to save the settings.
6. Click ‘Start’
*Choose:'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.
7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.
8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window
9. Save the log file when it asks and then click ‘finish’
10. REBOOT to complete the removal of what Ad-Aware SE found
Finally after running both Spybot SD and Ad-Aware SE, RESCAN with HijackThis and POST your logfile in the same thread using ‘Add Reply’. Do not attempt to fix anything in HijackThis yourself!
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Please do this.
Download 'Hijack This!'. http://www.spywareinfo.com/~merijn/files/HijackThis.exe
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
Win7 whats it all about .
http://www.microsoft.com/canada/windows/windows-7/
Going with the Flow ,but the water is low and the rocks are big
http://www.microsoft.com/canada/windows/windows-7/
Going with the Flow ,but the water is low and the rocks are big
•
•
•
•
Originally Posted by caperjack
Download then unzip and run CWShredder to clean up clicking "FIX" to have it remove all it finds.
CWShredder available from these places :-
http://www.aluriasoftware.com/tools/cwshredder.zip
Or this as a full download without any unzipping required
http://www.downloads.subratam.org/CWShredder.exe
http://www.spywareinfo.com/downloads...CWShredder.exe
We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode.
To get to safe mode use the F8 key while booting the machine. Detailed instructions from here :-
http://service1.symantec.com/SUPPORT...01052409420406
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Finally if you are going to run both Spybot SD and Ad-Aware SE, leave the rescan with HijackThis until you have completed running both tools. If only running Spybot SD then RESCAN with HijackThis and POST your logfile in the same thread using ‘Add Reply’. Please do not attempt to fix anything in HijackThis yourself!
Scanning With Ad-Aware SE :
1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan
2.Close ALL windows except Ad-Aware SE
3. Click on the‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.
4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window
1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)
Under Definitions:
*Prompt to udate outdated definitions - set the number of days
2) Click on the ‘Scanning’ button on the left and select in green :
Under Driver, Folders & Files:
*Scan Within Archives
Under Select drives & folders to scan -
*choose all hard drives
Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file
3) Click on the ‘Advanced’ button on the left and select in green:
Under Shell Integration:
*Move deleted files to recycle bin
Under Logfile Detail Level: (all green)
*include addtional object information
*DESELECT - include negligible objects information
*include environment information
Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT
4) Click the ‘Tweak’ button and select in green:
Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only
Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot
Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check or make green: Include Module list in logfile
5. Click on ‘Proceed’ to save the settings.
6. Click ‘Start’
*Choose:'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.
7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.
8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window
9. Save the log file when it asks and then click ‘finish’
10. REBOOT to complete the removal of what Ad-Aware SE found
Finally after running both Spybot SD and Ad-Aware SE, RESCAN with HijackThis and POST your logfile in the same thread using ‘Add Reply’. Do not attempt to fix anything in HijackThis yourself!
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Please do this.
Download 'Hijack This!'. http://www.spywareinfo.com/~merijn/files/HijackThis.exe
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
OK -- a couple of questions/observations here. First, when I ran CWShredder, I got yet another error message, which was new to me but which says the same thing the older ones did:
"The Windows system file RUNDLL32.EXE has been damaged or is missing from C:\\WINDOWS. You might be unable to open items in the control panel until you restore this file from your Windows Setup CD using the Windows System File Checker (SFC.EXE)."
I went ahead and scanned with Ad-Aware SE, which came up with 744 critical objects. But before I proceed to delete the objects, I want to confirm something with you. Your instruction list (nos. 8 & 9) says this: "If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window." And then "Save the log file when it asks and then click finish." But I have been offered three different summaries ("Scan Summary", "Critical Objects", and "Scan Log") and I don't see anything that offers me a chance to save the log file. I could copy it into Word or something but I don't think that's what you mean, right? Should I just go ahead and delete them all and then reboot? I think that's right but I do want to check with you before I proceed.
|
Similar Threads
- rundll32.exe problems (Viruses, Spyware and other Nasties)
- rundll32.exe problems (Windows NT / 2000 / XP)
- RUNDLL32.EXE is not responding (Viruses, Spyware and other Nasties)
- Rundll32.exe error on shut down & Home Page being overidden (Viruses, Spyware and other Nasties)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: spontaneous internet failure
- Next Thread: Just another "How do I get rid of xadsjt offeroptimizer?" post
Views: 6220 | Replies: 18
| Thread Tools | Search this Thread |
Latest Viruses, Spyware and other Nasties Posts
Related Forum Features
Tag cloud for Viruses, Spyware and other Nasties
acrobat adobe adware anti-virussitesaccessissue antivirus apple audio avg botnet censorship combofix commercials conficker connect crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email europe exploit explorer facebook gaming gtaiv gumblar halloween herss.exe hosting ie8 internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news norton obama onlinethreats paedophile panel patch pdf phishing police policeprovirusmba-mblockedinternetaccess privacy pro problem redirecting reliability report research risk samhain sans scareware school search security sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen threat translate trojan unabletoaccessanti-virussites unwanted usa virus viruses vista volume vulnerability war warning web windows worm yahoo zeroday
