I just posted this in the Windows XP forum, but then I noticed this section so I am reposting. Sorry for the double post! Here is the original message, any help would be appreciated. thanks--

I have a problem with my computer. I saw a guy on expert-exchange talk about it, but I couldn't see the responses because I am not a member. He described it best, so I will paste his description here:

On Win XP Pro SP2 PC, when most any program or sytem utility on PC is run an error comes up saying to Choose a Program to open "rundll.32.exe" with (i.e Like when you click a file and select "Open with". I,E THAT WINDOW is the one I mean.) Also same error for Winword (MS Word) saying Choose a program to open Winword with.
Or most (not all) of the icons/utilities in the Control Panel lead to this error. (with Rundll32.exe as the exe to find a program to open it with)

I saw this virus FIRST a few days ago on a different PC than the one I am posting about here. And was unable to solve it (Because I did a repair install (see below) and after that failed in the middle could not get the PC to boot back to Windows so I could try all the usual Malware removal techniques, a mistake I will not make today.)

System Restore fails because IT USES RUNDLL.32 EXE

Windows Repair Install from XP Pro SP2 CD fails because after reboot into a small version of Windows to do most of the repair install, IT RUNS RUNDLL32.EXE (i.e the one copied from the Windows Install CD gets infected quickly possibly by a registry entry that is not changed at that point in the Repair instal; this is, of course, nothing but speculation on my part).

QUESTION, IF YOU HAVE SEEN THIS PARTICULAR BUG **AND** SOLVED IT PLEASE REPLY WITH A SOLUTION.
Examples: Run this virus destroyer tool (provide a link please) (with options to choose if a applicable)
NOTE: PLEASE ONLY REPLY WITH THE TOOL THAT FIXED THE SPECIFIED PROBLEM FOR YOU, NOT GOOD GENERAL PURPOSE MALWARE REMOVAL TOOLS.
OR
Change or delete this (named) Registry Entry
OR
Delete this (named) file in the (named) System folder

AN ACCEPTABLE REPLY IS **NOT** TO ASK ME TO PROVIDE ANY LOG (EX HIJACK THIS LOG, DSS LOG, OR ANY LOG) AND **THEN**YOU will help me. Because I already have a partner who is a malware removal expert who I will be using that approach with and sending my partner the logs.

THE PURPOSE OF THIS POST IS TO FIND SOMEONE who has seen the problem and knows the solution with no additional information (i.e Been there, done that) . NOT TO FIND SOMEONE TO HELP AFTER I PROVIDE LOGS AS I ALREADY HAVE THAT SORT OF PERSON AVAILABLE OUTSIDE THIS FORUM.

BTW A Google search found THREE other people who have this exact problem, posted in some forum about it AND NO ONE REPLIED WITH A SOLUTION.

Regards,
Mike


That was his description, and apparently someone solved the problem. Now I have the same problem, does anyone know how to solve it? THANK YOU!!!

Recommended Answers

All 8 Replies

I will quote to you the exact answer given on the experts exchange thread you noted

This could be anything. With the description you gave you could be talking about so many different malware variants. There is no one answer and you're looking for something we can't give without good information to go on.

We DO need logs. There is absolutely NO way we can know the cause of the problem unless we see some logs and you tell us EXACTLY what is going on.

Read me before posting a request for assistance

Hi
Thanks for the info, I had actually read that before but can't really do anything. I forgot to mention this in my post.

I had started to run a repair install of windows XP, and when it tried to reinstall rundll32.exe, it runs it instead so I get the box that says "choose program".

So, I'm stuck. Can I exit at this point without damaging my data? How do I do this?

What happens if I turn off my computer, will windows still work (the repair install is only a part way through).

Or, what should I do at this point? I don't see a way to cancel the install because the choose program box is open. When I choose a program, i.e. notepad, it will open but the choose program box open right back up anyways.


EDIT: If there is a way to get out of this install, I think I can get the logs right away. The other people with a similar virus say that any program that tries to open can't because it gets the 'choose program' box, but we will see.

Thanks

Honestly I don't know for sure what to tell you. Hopefully one of the others will notice this thread and give you a better answer than that. But I have not ever had that question before. Problem is a repair install doesn't really fix everything, there are some files and registry items it doesn't touch

I have sent a PM to one of the other folks here who may be able to take a look and offer some help. Don't know that he will get back with you tonight but hopefully as soon as possible.
Judy

Thanks Judy. I am trying to get this figured out, I guess this is some newer virus? I will get a solution up as soon as I have one.
I appreciate everyone's effort though!

I agree with what jholland1964 has said. We need some logs to look at before anything can be determined. I personally have not seen this one before.

==

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.

thanks for looking, crunchie. Would you mind taking a look at my other post in the Windows XP forum, titled Repair Iinstall problem - how can I abort??


Thanks

thanks for looking, crunchie. Would you mind taking a look at my other post in the Windows XP forum, titled Repair Iinstall problem - how can I abort??


Thanks

For anyone interested in what is going on then see this thread;
http://www.daniweb.com/forums/thread138561-2.html

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.