  • Malware - What next?

    I am looking at a friend's computer and trying to find why it is acting crazy. He says it all started when he did a Windows update the other day and the update took two days to complete. Once complete it started acting weird.

    I looked up his update history and see where Service Pack 2 has failed to install on several occasions. His firewall was also down.

    Several programs would not open (Explorer, McAfee, etc.). When they did they had several instances pop up at once. I assume this was from his frustrated double clicking. I did finally get Explorer to open. The McAfee was a trial the computer came with, so I used the McAfee removal tool, then installed AVG 2011. Ran a scan and immediately it found "rundll32.exe" and put it in the vault as malware. It also found 4 Trojan Horse Downloaders and reports that it eliminated them.

    I have Googled "rundll32.exe" and got many conflicting stories on what to do next. Has anyone else dealt with this? Does this sound like a corrupted .dll or a disguised virus? Either way, it is in quarantine and I don't want to do anything else until I know I will not just make it corrupt again.
    All postings by BadOrderKing are public information, works of fiction, sometimes resembling the rants of a madman and in no way should be construed to represent the positions, views, or thoughts of any particular railroad carrier. No one listens to him anyway.


  • #2
    Originally posted by BadOrderKing:
    I am looking at a friend's computer and trying to find why it is acting crazy. He says it all started when he did a Windows update the other day and the update took two days to complete. Once complete it started acting weird.

    I looked up his update history and see where Service Pack 2 has failed to install on several occasions. His firewall was also down.

    Several programs would not open (Explorer, McAfee, etc.). When they did they had several instances pop up at once. I assume this was from his frustrated double clicking. I did finally get Explorer to open. The McAfee was a trial the computer came with, so I used the McAfee removal tool, then installed AVG 2011. Ran a scan and immediately it found "rundll32.exe" and put it in the vault as malware. It also found 4 Trojan Horse Downloaders and reports that it eliminated them.

    I have Googled "rundll32.exe" and got many conflicting stories on what to do next. Has anyone else dealt with this? Does this sound like a corrupted .dll or a disguised virus? Either way, it is in quarantine and I don't want to do anything else until I know I will not just make it corrupt again.

    Just use this, it should take care of all of your issues. If the antivirus software found all of those, this software will probably find a few more that the antivirus software won't! I also use ESET NOD32 for antivirus... PM me if you need further help.
    Malwarebytes' Anti-Malware
    Last edited by FutureHogger; 02-01-2011, 05:50 PM.



  • #3
    rundll32.exe is a valid Windows core tool. It could be a fake version with mal intent, but I have no way to know. The official version is used to call the program subroutines found in DLLs. Normally it is called automatically, but it could be used manually for very specific needs. You need to have a real version handy for replacement if you decide to delete the one fingered as malware.
    ΜΟΛΩΝ ΛΑΒΕ "Come and get them" Leonidas I to Xerxes, at the Battle of Thermopylae



  • #4
    Originally posted by jonnyseeandoh:
    rundll32.exe is a valid Windows core tool. It could be a fake version with mal intent, but I have no way to know. The official version is used to call the program subroutines found in DLLs. Normally it is called automatically, but it could be used manually for very specific needs. You need to have a real version handy for replacement if you decide to delete the one fingered as malware.

    That's what I am gathering from what I have read. I have seen people say to get a good one, put it somewhere... Yeah... You see where this is going.

    Would this cause programs to not open properly or at all? The thing is running great now. Everything is opening properly. I did go ahead and turn his firewall back on and let it run some updates. It took the Service Pack 2 update this time. Not sure if I should have done that, but hell, he said play with it and if I screw it up too bad just wipe it and reinstall.

    I have such trusting friends. LOL


  • #5
    Originally posted by FutureHogger:
    Just use this, it should take care of all of your issues. If the antivirus software found all of those, this software will probably find a few more that the antivirus software won't! I also use ESET NOD32 for antivirus... PM me if you need further help.
    Malwarebytes' Anti-Malware

    I have also seen that mentioned a lot as well. Hell, I might just throw everything at it just for fun. LOL


  • #6
    Do one thing at a time... get it fully patched with all of M$'s sanctioned updates, after it's otherwise clean of course... and then throw whatever safety tools you can get at it, and maybe teach ole cuz or whoever to mind what he clicks on... Oh well, it's windoze, but at least it might run with your ministrations.


  • #7
    Originally posted by jonnyseeandoh:
    Do one thing at a time... get it fully patched with all of M$'s sanctioned updates, after it's otherwise clean of course... and then throw whatever safety tools you can get at it, and maybe teach ole cuz or whoever to mind what he clicks on... Oh well, it's windoze, but at least it might run with your ministrations.

    What about that bad .dll? How do I fix it?


  • #8
    Well, if it's really a chunk of badware, you can try to delete it and then empty the trash can, but I'd worry there's more there that would try to get another one if you do delete it... a good malware-finding software should be able to get rid of phony DLLs and the badware that puts them in there. Some scanning software misidentifies normal stuff though, so Google the specific file to see what it does, and see if there's any info that any known badware can spoof it.


  • #9
    Originally posted by BadOrderKing:
    I have also seen that mentioned a lot as well. Hell, I might just throw everything at it just for fun. LOL

    Malwarebytes is good shit... it finds EVERYTHING. My former boss had a bad habit of visiting sites that would get him malware and that software fixed it every time! That DLL should be readily available for DL online.



  • #10
    I do believe Malwarebytes found the issue. The rundll32.exe is associated with a file that it believes to be a Trojan virus. It told me I would have to restart to finish removal. I restarted and Windows told me that something could not open properly (the file MB found as a virus). I looked in the System Configuration under the Startup tab and there it is with a check in its box. I assume this means it is still active?

    Labeled:
    Startup item - Okuharukururulip
    Manufacturer - Unknown
    Command - rundll32.exe "C:\Users\Computer name\AppData\local\ijelawet.dll", Start up

    I have Googled "ijelawet.dll" and "Okuharukururulip" and found not even a close match to anything computer related.

    I believe we found it. What next? How do I make sure it is dead? What the hell is it?


  • #11
    Yeah, if you type msconfig in the Run box you can just un-check the box and Windows won't try to open the file anymore... there is a much longer and more complex way to remove it from the registry, but as long as the offending files are gone that is neither here nor there... it's only giving you a message because it's trying to open the virus that was removed.

    In short, just un-check the box.
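As an added example (not from any poster in this thread), the following Python script applies the two checks the thread arrives at to a list of startup entries: post #3's point that rundll32.exe is a legitimate Windows tool that a look-alike can impersonate, and post #10's entry, where rundll32.exe is told to load a DLL out of AppData\Local, a directory any program running as the user can write to. The parser, the heuristic rules, and every sample entry except the one quoted from post #10 are the editor's own constructions; on a real machine the entries would be copied from the msconfig Startup tab or exported from the Run registry keys.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Parses "rundll32.exe <dll>,<entry point>" command lines as msconfig shows them.
# The DLL path may be quoted (the one in post #10 contains a space) and the entry
# point after the comma may be absent.
RUNDLL32_RE = re.compile(
    r'^\s*"?(?P<exe>(?:[a-z]:\\[^"]*?\\)?rundll32(?:\.exe)?)"?\s+'
    r'"?(?P<dll>[^",]+?)"?(?:\s*,\s*(?P<entry>.*?))?\s*$',
    re.IGNORECASE,
)

# Profile directories a non-admin user (and so a downloader running as that user)
# can write to. Installed software keeps its DLLs under Windows or Program Files.
USER_WRITABLE_DIRS = ("/appdata/local/", "/appdata/locallow/", "/appdata/roaming/",
                      "/temp/", "/downloads/")
# Where the genuine rundll32.exe normally lives (SysWOW64 is the 32-bit copy on x64).
TRUSTED_RUNDLL32_DIRS = ("/windows/system32/", "/windows/syswow64/")


@dataclass
class Finding:
    name: str
    command: str
    parsed: Optional[Dict[str, str]]
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_rundll32(command: str) -> Optional[Dict[str, str]]:
    """Return {'exe', 'dll', 'entry'} when the command invokes rundll32, else None."""
    m = RUNDLL32_RE.match(command)
    if not m:
        return None
    return {"exe": m.group("exe"), "dll": m.group("dll"), "entry": m.group("entry") or ""}


def _norm(path: str) -> str:
    # Lower-case and forward-slash the path so directory checks are case/slash insensitive.
    return path.lower().replace("\\", "/")


def assess_startup_entry(name: str, manufacturer: str, command: str) -> Finding:
    """Apply the thread's two heuristics (editor's rules) to one startup entry."""
    f = Finding(name=name, command=command, parsed=parse_rundll32(command))
    if f.parsed is None:
        return f  # not a rundll32 launch; these rules have nothing to say
    exe, dll = _norm(f.parsed["exe"]), _norm(f.parsed["dll"])
    # Rule 1: rundll32 given with an explicit path outside the system directory is a
    # look-alike binary (post #3). A bare "rundll32.exe" resolves via PATH and cannot
    # be judged from the command line alone, so it is not flagged here.
    if "/" in exe and not any(d in exe for d in TRUSTED_RUNDLL32_DIRS):
        f.reasons.append("rundll32 launched from outside the Windows system directory")
    # Rule 2: the DLL being loaded sits in a user-writable profile directory (post #10).
    if any(d in dll for d in USER_WRITABLE_DIRS):
        f.reasons.append("DLL loaded from a user-writable profile directory")
    # Supporting evidence only: no vendor recorded for an entry already flagged.
    if manufacturer.strip().lower() in ("", "unknown") and f.reasons:
        f.reasons.append("manufacturer unknown")
    return f


def scan_startup_entries(entries: List[Dict[str, str]]) -> List[Finding]:
    """Run the heuristic over exported startup entries and return only the suspicious ones."""
    findings = (assess_startup_entry(e["name"], e.get("manufacturer", ""), e["command"])
                for e in entries)
    return [f for f in findings if f.suspicious]


# Constructed sample input. Only the first entry is from the thread (post #10).
SAMPLE_ENTRIES = [
    {"name": "Okuharukururulip", "manufacturer": "Unknown",
     "command": r'rundll32.exe "C:\Users\Computer name\AppData\local\ijelawet.dll", Start up'},
    # Constructed benign use: system rundll32 loading a DLL that lives in System32.
    {"name": "Control Panel helper (constructed)", "manufacturer": "Microsoft Corporation",
     "command": r"C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,Control_RunDLL"},
    # Constructed look-alike: a file named rundll32.exe dropped into the roaming profile.
    {"name": "sys", "manufacturer": "",
     "command": r'"C:\Users\Computer name\AppData\Roaming\rundll32.exe" "C:\Users\Computer name\AppData\Roaming\sys.dll",Run'},
    # Constructed ordinary program start: not a rundll32 launch, so the rules do not apply.
    {"name": "Example tray app", "manufacturer": "Example Vendor",
     "command": r'"C:\Program Files\Example Vendor\tray.exe" /minimized'},
]

if __name__ == "__main__":
    for hit in scan_startup_entries(SAMPLE_ENTRIES):
        print(f"[SUSPICIOUS] {hit.name}: {hit.command}")
        for reason in hit.reasons:
            print(f"    - {reason}")
```

Running it flags the post #10 entry and the constructed look-alike, each with its reasons, and passes the two benign entries. Un-checking the msconfig box, as post #11 says, only stops the launch; a hit like this is worth following up by confirming that the DLL file itself is gone or sitting in the scanner's quarantine, because the DLL is the payload and rundll32.exe is just the loader.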



  • #12
    Thanks. God I love this place! A railroad site that also diagnoses computer problems.

    Future Hog, have you read my other computer adventures?


  • #13
    BOK, if you use CCleaner go to the Tools link and select Startups. It's a useful and clear way to manage startups. You can see them easier than in MSconfig and you can easily disable/delete them too. AND you don't have to reboot to save the changes.



  • #14
    If you use MSCONFIG to manage your startup routines, you will get a cryptic notice the first time you boot, to remind you that you have done this. When you see it, select the option to not notify you of this fact. You already know, after all!


  • #15
    Originally posted by Dogbearbyter:
    BOK, if you use CCleaner go to the Tools link and select Startups. It's a useful and clear way to manage startups. You can see them easier than in MSconfig and you can easily disable/delete them too. AND you don't have to reboot to save the changes.

    ^^^ Good information ^^^

    Originally posted by jonnyseeandoh:
    If you use MSCONFIG to manage your startup routines, you will get a cryptic notice the first time you boot, to remind you that you have done this. When you see it, select the option to not notify you of this fact. You already know, after all!

    Forgot to mention that, thanks for adding it!
    Last edited by FutureHogger; 02-02-2011, 08:12 AM.
