Avast WEBforum

Other => Viruses and worms => Topic started by: bulexu on September 17, 2008, 09:53:01 PM

Title: .dll worm/virus - endless warnings
Post by: bulexu on September 17, 2008, 09:53:01 PM
Hello all!

I'm having a problem with a virus.

I'm using Windows XP + SP2 and avast 4.8 Home Edition.
For some time now, I'm getting a warning, virus found. This is a line from the log:
"9/17/2008 10:19:14 PM   SYSTEM   2012   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\tuvTkKcA.dll" file."

Every time I delete it, it just appears right back and the warning pops back. It's very hard to do anything else, because the system is busy dealing with all the warnings. I tried to end all the processes from task manager, but only from my user name, not from system or local service, thinking that maybe it is just an .exe file putting the .dll there, yet the problem wasn't solved.
BUT when I moved it to chest, the warnings stopped.

I think the same virus is also:
9/17/2008 8:18:44 PM   SYSTEM   1992   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\dfapjopl.dll" file. 
9/17/2008 8:18:49 PM   SYSTEM   1992   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\heqkkhgb.dll" file. 

because I experienced the same endless warnings, but those just stopped. I don't know how.

The Web Shield, Standard Shield, P2P Shield, Network Shield are on.

I hope I gave you enough details.

Thank you for your time!

PS: I tried to search for a similar problem, but it's hard to find. If you google dfapjopl.dll for example, there are no results... that's why I might think those are just random letters (except for the .dll, of course :) )

And another thing... I don't know if it's related or not, my audio is down. No volume icon next to the clock and when I'm trying to play some music in Winamp I get the error: "BadDirectSound driver. Please install proper drivers or select another device in configuration". And it was working last time I used my computer...
Title: Re: .dll worm/virus - endless warnings
Post by: CharleyO on September 17, 2008, 10:06:59 PM
***

Welcome to the forums, bulexu. :)

First, let us gather more information.

Please download HijackThis from the link below, run the program but do not make any fixes, and then post the log results using the "copy & paste" method. It will probably take more than one post to be able to get the complete log posted. OR, you can post it as an attachment to your post by clicking on "Additional Options..." below left of the posting box. Do not download HJT to the desktop but instead download it into its own folder on the hard drive. Someone will review your log and then offer help.

http://filehippo.com/download_hijackthis/


***
Title: Re: .dll worm/virus - endless warnings
Post by: DavidR on September 17, 2008, 10:34:25 PM
There is most likely an undetected or hidden element to this infection, restoring or downloading the file again.

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should produce a log file).
1. SUPERantispyware (http://www.superantispyware.com) On-Demand only in free version.

2. MalwareBytes Anti-Malware freeware version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File As (depending on your browser), save it to a location where you can find it easily later.