BleepingComputer.com: Intro - PhilS32767

Hi all --

My name is Phil Schwarz. I'm a software developer by profession, and (therefore by default :-)) the system and network administrator of our home network of a handful of desktops, laptops (and more recently an iPad and a Wii). The desktops and all but 2 of the laptops run WinXP SP3. (The outliers are an ancient 2003-vintage Dell Latitude C610 still running Win2k SP4, there mostly for me to run VNC on it and VPN into my Linux box at work, and my college-age daughter's laptop, which came with Vista installed, alas.)

Over the years we've had a few malware attacks, and until today, I've always been able to get the information I needed to identify and resolve the attacks simply by searching through what's already posted here on Bleeping Computer. But today I've run into something that still has me stumped, so I've made my first post to "Security/Am I infected? What do I do?" (http://www.bleepingcomputer.com/forums/topic369238.html) -- Malwarebytes removed *most*, but not all, of a Trojan.Agent infection my son stumbled into a couple of days ago. There's still something on the system causing the svchost.exe instance for the netsvcs group to spawn a rundll32.exe that attempts to load a malicious dll dropped by the attack that Malwarebytes has removed -- and what's odd is that the rundll32.exe does not exit when the dll is not found.

Glad to be here to introduce myself, and glad that Bleeping Computer is here!

-- Phil

Welcome to BC!
As malware becomes more and more complex and sophisticated, so does the means to remove it. I am sure our Members can help you.
Season's compliments,
John

Likewise -- happy holidays!