Jump to content


- - - - -

rundll32.exe missing


  • This topic is locked This topic is locked
45 replies to this topic

#21 Guest_v3rtige_*

Guest_v3rtige_*
  • Guests

Posted 02 December 2004 - 07:26 PM

The operating system is Windows XP Pro w/ SP1
Hijackthis wont run, it does the same as the .bat file.
When I tried to run the file from Dougknox i got "Windows cannot open this file: File: xp_exe_fix.reg
To open this file Windows needs to know what program created it. etc...."

Housecall did not work
Panda's worked and found + repaired some viruses' but i still have the same problem

#22 Guest_Guest_*

Guest_Guest_*
  • Guests

Posted 02 December 2004 - 07:28 PM

basically, Panda's did not solve the issue and i still have the problem

#23 Guest_v3rtige/Guest_*

Guest_v3rtige/Guest_*
  • Guests

Posted 02 December 2004 - 07:35 PM

:(

#24 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 02 December 2004 - 07:36 PM

Download this removal tool to desktop and try running it, if it won't run try running it in safe mode
Let me know if it helps, if it does please post a Hijackthis log
http://www.sarc.com/...ter/FixSirc.com

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#25 Guest_Guest_*

Guest_Guest_*
  • Guests

Posted 02 December 2004 - 07:39 PM

didnt work....going to safemode

do u have aim or msn or anything that u wouldnt mind givin me to try to solve this? my msn is qmncEmail Removed

#26 Guest_v3rtige_*

Guest_v3rtige_*
  • Guests

Posted 02 December 2004 - 07:45 PM

same thing happened in safemode...it does what the .bat file did
and when i run it through start > run and run it through there i get the message "windows cannot open this file....", the same one =[

#27 Guest_Guest_*

Guest_Guest_*
  • Guests

Posted 03 December 2004 - 12:59 AM

Does this help you out
http://windowsxp.mvps.org/exefile.htm

#28 Guest_v3rtige_*

Guest_v3rtige_*
  • Guests

Posted 04 December 2004 - 10:57 AM

rather than saying .exe it says .ink for every exe file

#29 Guest_Guest_*

Guest_Guest_*
  • Guests

Posted 04 December 2004 - 11:14 AM

i take that back...it only says it cannot run .ink when i use a shortcut or start menu option

#30 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 04 December 2004 - 12:56 PM

What did Panda find?
Did you keep not of the infections if any

Try one more Online Virus scan, then we can look in your folders for anything that was renamed
We can try a system restore from a command line, but try this first

Do a free Online AV scan at RAV's
http://www.ravantivirus.com/scan/
When you access that link with Internet Explorer
click on the "To Continue without subsribing click here" link
It will load the activex and definition files

Ensure that all the top entries are checked
Autoclean--Inside Archives---Unpack Executables---Smart Scan
Then click the 'Scan my PC button'
Let it completely finish scanning
When it's complete, copy and paste the results back here

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#31 queenshawtii

queenshawtii

    Newbie

  • Members
  • Pip
  • 4 posts

Posted 05 December 2004 - 01:23 PM

I'm having this same problem also, I can start a new thread if you would like but i'll post what i have so far because i have to leave for work soon.

i scanned with RavAV and here is the log.. it could not remove these viruses..

Scan started at 12/3/2004 2:27:00 PM

Scanning memory...
C:\pack3_exe.vir->(RARSfx)->40124.exe->(UPXW) - Backdoor:Win32/MoSucker.0_6 -> Infected
C:\Documents and Settings\Fam\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q3I3IXUR\-indianv[1].htm->(SCRIPT0000) - JS/Exploit.ActiveXComponent* -> Suspicious
C:\Documents and Settings\Fam\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q3I3IXUR\-indianv[1].htm->(SCRIPT0001) - JS/Seeker-based.gen* -> Infected
C:\Documents and Settings\Fam\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q3I3IXUR\dtop[1].htm->(SCRIPT0000) - JS/Exploit.ActiveXComponent* -> Suspicious
C:\Documents and Settings\Fam\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q3I3IXUR\dtop[1].htm->(SCRIPT0001) - JS/Seeker-based.gen* -> Infected
C:\Documents and Settings\Fam\Application Data\hsap.exe - TrojanDownloader:Win32/PurityScan.O -> Infected

Scanned
============================
Objects: 38998
Directories: 2475
Archives: 951
Size(Kb): -218294
Infected files: 4

Found
============================
Viruses found: 3
Suspicious files: 2
Disinfected files: 0
Mail files: 82

and Here is the HJT log

Logfile of HijackThis v1.98.2
Scan saved at 5:54:30 PM, on 12/3/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Documents and Settings\Compaq\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cp