Author Topic: Deleted virus (Read 2556 times)

Kenrith · « **on:** May 10, 2011, 12:30:25 AM »

Hi - Can you help/advise

OS:- WinXPHome

I have been using Avast for a couple of years now and have no problems
untill I recently picked up a 'Dropper' virus ?.

avast picked this up ok, rebooted and then carried out a scan prior to
Windows starting, where the virus was deleted.

The pc starts ok now but I can't open any applications except Explorer
I now have 'Rundll32' error with application not found.

My question:- if I upgrade to The AvastPro version can it restore
the dynamic Library?.

If not, could you receommend an application that I can trust. as there
are loads out there.

DavidR · « **Reply #1 on:** May 10, 2011, 01:28:01 AM »

What is the file name and location of the dropper that was detected ?

What is the full text of the rundll32 error ?
I suspect it will relate to the file that you had avast delete, since it wanted to be registered to run on boot and the file isn't there it throws up the error. What this means t=is that there is a registry entry left behind that will need dealt with, more on that later if confirmed.

Kenrith · « **Reply #2 on:** May 11, 2011, 12:10:51 AM »

Quote from: DavidR on May 10, 2011, 01:28:01 AM

What is the file name and location of the dropper that was detected ?

What is the full text of the rundll32 error ?

Hi DavidR

Thanks for your reply.

After checking the system again tonight

I've discovered that it is only my user Account
(Admin) that cannot open any applications. The other
three users seem to be ok.

I was able to open Avast in one of the other users accounts.
Avast locker listed two Viruses both in the admin user
'local settings\AppData'

1.Listed as, WIN32: Olmarik-H

2.Listed as, stm.exe; Win32: Dropper-gen[Drp]

attempting to open any application results in the 'Open With'
File requester asking what application I want to use

Attempting to open any Control panel results in error;
C:\WINDOWS\system32\rundll32.exe Application not found.

Jack 1000 · « **Reply #3 on:** May 11, 2011, 12:16:47 AM »

To the OP,

I would also recommend a manual Avast Update and than do a Boot Time Scan. Move everything found to the chest.

After that, install, update, and run Malwarebytes from www.malwarebytes.org. Update the program, than run a Full Scan. Follow the prompts for anything found and report back.

Jack

DavidR · « **Reply #4 on:** May 11, 2011, 12:41:54 AM »

Well first it is inadvisable to use 'the Administrator' account for routine use as any malware inherits the user privilege and can do virtually anything.

Try SuperAntiSpyware (SAS) as that has a Repair function and one of the options it to repair/Enable the Control Panel, which some malware disabled to make it difficult for you to remove them.

It also wouldn't hurt to run it either - SUPERantispyware (SAS). On-Demand only in free version.
Don't worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.

Kenrith · « **Reply #5 on:** May 12, 2011, 09:17:17 PM »

Quote from: DavidR on May 11, 2011, 12:41:54 AM

Try SuperAntiSpyware (SAS)

Hi Many thanks DavidR and Jack1000

Last night and tonight I downloaded both apps you suggested. I used SuperAntiSpyware first by logging into one of the other users and installing as Admin user. it did a scan and repaired lots Hkey registy errors. My user account is now funtioning properley now.

Many thanks for you help

DavidR · « **Reply #6 on:** May 12, 2011, 09:40:09 PM »

No problem, glad I could help.

A belated welcome to the forums.

Author Topic: Deleted virus (Read 2556 times)

Kenrith

Deleted virus

DavidR

Re: Deleted virus

Kenrith

Re: Deleted virus

Jack 1000

Re: Deleted virus

DavidR

Re: Deleted virus

Kenrith

Re: Deleted virus

DavidR

Re: Deleted virus