Solve : rundll32.exe_tobedeleted?


Got some spyware, whatever, I was running through my System32 files as I noticed some odd file next to rundll32.exe, it was called rundll32.exe_tobedeleted and it really SCARES the living crap out of me.
What's this odd thing? What will happen if I touch it? Will it delete the real rundll32.exe or what? What if I deleted it?

What programs did you use to scan your computer??


Upload the file to VirusTotal and post the log.

DKsupern00b ...... You recently had a trojan on that PC, didn't you?
Did anyone help you to remove it?
Please let us know.

dl65 Got it scanned but apparently it got stopped during the scan, this was what I got out of it though:

AhnLab-V3       2007.5.9.0      05.09.2007  no virus found
AntiVir         7.4.0.32        06.14.2007  no virus found
Authentium      4.93.8          06.14.2007  no virus found
Avast           4.7.997.0       06.13.2007  no virus found
AVG             7.5.0.467       05.08.2007  no virus found
BitDefender     7.2             06.14.2007  no virus found
CAT-QuickHeal   9.00            06.14.2007  no virus found
ClamAV          devel-20070416  05.09.2007  no virus found
DrWeb           4.33            06.14.2007  no virus found
eSafe           7.0.15.0        05.08.2007  no virus found
eTrust-Vet      30.7.3718       06.14.2007  no virus found
FileAdvisor     1               06.14.2007  No threat detected
Fortinet        2.85.0.0        06.14.2007  no virus found
F-Prot          4.3.2.48        05.08.2007  no virus found
F-Secure        6.70.13030.0    05.09.2007  no virus found
Ikarus          T3.1.1.7        05.09.2007  no virus found
Kaspersky       4.0.2.24        06.14.2007  no virus found
McAfee          5053            06.14.2007  no virus found
Microsoft       1.2503          06.14.2007  no virus found
NOD32v2         2329            06.14.2007  no virus found
Norman          5.80.02         06.14.2007  no virus found
Panda           9.0.0.4         06.14.2007  no virus found

Aditional Information
File size: 33280 bytes
MD5: 5763e6224286473b771b234476c6538c
SHA1: 423c80fb7bd2f00cff87889d6599f2ba43ca2a09
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=5763e6224286473b771b234476c6538c

Are these results sufficient?

Also yes I did get a lot of Trojans, however I assume they have all been removed, currently I'm just trying to replace files that have been damaged and remove files the trojans might have left behind.

I'm using a-squared to scan for viruses, just updated it a few hours ago. Also just scanned and took down whatever spyware I might've had with Ad-Aware 2007 just updated and Spybot Search and Destroy.

Also for some reason I cannot enter my Internet Options, it gives me an error message stating I can't enter them because I have insufficient permissions and tells me to contact the System Administrator, but I'm the Admin!

This is also why I said I only assumed them all to be gone, I'm suspecting 1 to be left.

Currently my Explorer.exe or at least what I believe is the problem is acting rather peculiar. At random occasions programs in my taskbar will blink as if it was just opened/updated or as if I just received a message through IM. I believe it is completely unrelated however, it's just another problem I'd like to make you guys aware of.

Also I'd like to add I keep getting an error message about wuauctl.exe I believe, can't remember, I'm not home atm, using a friend's computer. It tells me the program executed an error and has to END. I know it's related to Windows Update.

Third problem I'd like to add, the final virus/trojan I haven't been able to kill because I wasn't able to enter my Internet Options, a rather poor attempt from another program trying to convince me into thinking it's an anti-virus device of sorts, however that is fairly unbelievable, especially with a name like "Ultimate Defender", simply sounds too generic or simplistic for me to believe in it, I keep EXITING the program but every time I get the wuauctl.exe this fake anti-virus thing tries to run again and I exit it.

The last and 5th problem (in total) is that I keep getting messages from Internet Explorer telling me it is redirecting to a new site even though IE is not active, I noticed however the top of a window on my screen with the following URL on it:
http://www.directporta.info/drivecleaner/8/
This is why I wanted to enter my Internet Options so I could set this page as one of the untrusted and keep my IE from entering it by blocking it somehow if that is even possible.

I'm aware I'm requesting a WHOLE lotta help here, I must also apologize for the awkward explanations I give things, but thanks in advance, even if we don't get it fixed.

Get SUPERAntiSpyware, update it and scan in safe mode.. you got a browser hijack, that's why you get redirected.. can you upload a screenshot of the balloon you get about the fake program..

Can't take a screenshot but here's a pic from Google: http://www.newfreedownloads.com/imgs/12636-w400.jpg

Mine looks like that, however before it goes into action it asks me first lol, that's where I quit it. My biggest concern is that I don't know how to make it stop.

How do I fend off a browser hijack, and is it even possible to do so? Also would it help to uninstall and reinstall IE?
I also got Opera and Firefox installed just in case one or another dies.

Ultimate Defender is listed as a rogue spyware app....get rid of it.

As I said in some of my earlier posts Patio,
I know it is some evil stash,
I know I have to remove it,
however as I also said I have no idea HOW to remove it.

Btw these wuauctl.exe error messages are really appearing A LOT now.

Have you attempted to remove it in safe mode with system restore turned off??

I would re-run all your scans this way as well...

DK, scan with HijackThis and post a LOG for us to look at.

rundll32.exe_tobedeleted is likely left over from a virus removal program, but there's definitely still something up with your computer.

I'm moving this thread to Viruses/Spyware section.

I can't remove Ultimate Defender because I can't locate its .exe file, if I knew where it is I could've killed it easily, however the .exe file is probably named something totally unrelated in order to protect itself.

Also would it help to uninstall and reinstall IE to fend off the browser hijack?

Quote:
Also would it help to uninstall and reinstall IE to fend off the browser hijack?

AFTER you get everything cleaned up, get Spybot S&D, update it, then use the immunize function.

How did you try to locate UD?? My Computer > HDD > Program Files > UD folder

or

Add/Remove Programs??

Try CCleaner's tools function, it's under the issues part.

Ok guys, really serious business this time.

I brought my Hard Disk to work and scanned it with their virus scanner, it deleted some viruses stored in system32,
when I got home and set the Hard Disk back in my computer and started it it went haywire in Windows.
It told me a file named drvfeg.dll was missing, now I checked on Google and stuff which gave no search results. But I'm not sure if it was called drvfeg.dll, however a lot of the things that were supposed to run in my taskmanager under processes were missing. In the beginning the Task Bar was visible but only in Classic Windows skin, and after a few reboots it only showed half of the Task Bar with no icons in it.

I can't continue until this problem has been resolved, please tell me there is a way to fix it so we can go on.

You have SmitFraud...at the very least. That dll is part of the infection.

Is your Taskbar the only thing affected by this missing dll? Are you still able to boot into Windows at all? If so, please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (USUALLY C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm




Along with that, I would also like a HijackThis log. Also...I would advise against hooking up your hard drive at work. If you're not careful, you can spread the infection.

