Author Topic: .dll worm/virus - endless warnings  (Read 2996 times)

Offline bulexu

  • Newbie
  • Posts: 1
.dll worm/virus - endless warnings
« on: September 17, 2008, 07:53:01 PM »
Hello all!

I'm having a problem with a virus.

I'm using Windows XP + SP2 and avast 4.8 Home Edition.
For some time now, I'm getting a warning, virus found. This is a line from the log:
"9/17/2008 10:19:14 PM   SYSTEM   2012   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\tuvTkKcA.dll" file."

Every time I delete it, it just appears right back and the warning pops back. It's very hard to do anything else, because the system is busy dealing with all the warnings. I tried to end all the processes from task manager, but only from my user name, not from system or local service, thinking that maybe it is just an .exe file putting the .dll there, yet the problem wasn't solved.
BUT when I moved it to the chest, the warnings stopped.

I think the same virus is also:
9/17/2008 8:18:44 PM   SYSTEM   1992   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\dfapjopl.dll" file. 
9/17/2008 8:18:49 PM   SYSTEM   1992   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\heqkkhgb.dll" file. 

because I experienced the same endless warnings, but those just stopped. I don't know how.

The Web Shield, Standard Shield, P2P Shield, Network Shield are on.

I hope I gave you enough details.

Thank you for your time!

PS: I tried to search for a similar problem, but it's hard to find. If you google dfapjopl.dll for example, there are no results... that's why I might think those are just random letters (except for the .dll, of course :) )

And another thing... I don't know if it's related or not, my audio is down. No volume icon next to the clock and when I'm trying to play some music in winamp I get the error: "BadDirectSound driver. Please install proper drivers or select another device in configuration". And it was working last time I used my computer...
« Last Edit: September 17, 2008, 07:58:38 PM by bulexu »

Offline CharleyO

  • avast! Evangelist
  • Starting Graphoman
  • Posts: 7102
  • Gender: Male
  • Be alert for error code - ID 10T
Re: .dll worm/virus - endless warnings
« Reply #1 on: September 17, 2008, 08:06:59 PM »
***

Welcome to the forums,  bulexu.   :)

First, let us gather more information.

Please download HijackThis from the link below, run the program but do not make any fixes, and then post the log results using the "copy & paste" method. It will probably take more than one post to be able to get the complete log posted. OR, you can post it as an attachment to your post by clicking on "Additional Options..." below left of the posting box. Do not download HJT to the desktop but instead download it into its own folder on the hard drive. Someone will review your log and then offer help.

http://filehippo.com/download_hijackthis/


***
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • Posts: 69218
  • Gender: Male
  • No support PMs thanks
Re: .dll worm/virus - endless warnings
« Reply #2 on: September 17, 2008, 08:34:25 PM »
There is most likely an undetected or hidden element to this infection, restoring or downloading the file again.

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should produce a log file).
1. SUPERantispyware On-Demand only in free version.

2. MalwareBytes Anti-Malware freeware version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File As (depending on your browser), save it to a location where you can find it easily later.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
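
A recurrence check over avast!-style log lines, as an added example that is not part of the original thread: it counts how often the same file is re-detected, which is the symptom DavidR attributes to a hidden component restoring the file. The log layout and the M/D/YYYY date format are inferred from the lines quoted in the first post; the repeated entries in the sample are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the first and last lines are quoted in the first post;
# the two repeats are invented here to model a file that keeps coming back.
SAMPLE_LOG = r'''
9/17/2008 10:19:14 PM   SYSTEM   2012   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\tuvTkKcA.dll" file.
9/17/2008 10:21:40 PM   SYSTEM   2012   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\tuvTkKcA.dll" file.
9/17/2008 10:24:02 PM   SYSTEM   2012   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\tuvTkKcA.dll" file.
9/17/2008 8:18:44 PM   SYSTEM   1992   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\dfapjopl.dll" file.
'''

# Assumed layout: timestamp, account, a numeric field (meaning not stated in
# the thread), then the detection message.
LINE_RE = re.compile(
    r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+'
    r'(?P<account>\S+)\s+(?P<num>\d+)\s+'
    r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.\s*$'
)

def parse_detections(text):
    """Yield (timestamp, signature, path) per detection line; skip anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m['ts'], '%m/%d/%Y %I:%M:%S %p')
            yield ts, m['sig'], m['path']

def recurring_files(text, min_hits=2):
    """Return {path: (hits, first_seen, last_seen)} for repeatedly detected files."""
    seen = defaultdict(list)
    for ts, _sig, path in parse_detections(text):
        seen[path.lower()].append(ts)  # Windows paths are case-insensitive
    return {p: (len(t), min(t), max(t))
            for p, t in seen.items() if len(t) >= min_hits}

if __name__ == '__main__':
    for path, (hits, first, last) in recurring_files(SAMPLE_LOG).items():
        print(f'{path}: {hits} detections over {last - first}')
```

A file that shows up here with several hits in a short window is being re-created between detections, so the scan results requested above should be read with an eye to whatever is writing it.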

 
