
785584cf.dll - Eating Cpu And Hdd Space


2 replies to this topic

#1 trodas


Posted 15 September 2007 - 07:01 PM

After disabling swap and cloning my Win2k SP4 from the 120G Maxtor C: 2G partition to the 320G Hitachi C: 2G partition, the boot became extremely slow after winlogon kicks in. It took like 10 minutes, and one has to wait about 20 sec for every single click to get recognized, etc. The system acts very slow.
All speed problems went away when, using ProcView, I changed the priority of winlogon.exe from High to Below Normal.
But not ALL problems.
Drive C: has ZERO free space - a huge problem. All the space is consumed by the file 785584CF.dll in the C:\WinNT\Temp directory. All attempts to delete the file failed miserably. The file is locked by winlogon.exe, and killing this process causes an instant freeze. Using ProceXP I tried to close the file handle to be able to delete it, yet once again a message, invalid descriptor, stopped me.
It is possible to kill the file in DOS (Zip boot, C: is FAT32), but after a new reboot - there we go again. Any free space on C: I managed to free gets consumed again, and very quickly...

In short - it suxx.

What is weird is that any time I can boot using the old drive, and it works w/o any of these troubles. Now that is WEIRD.

I tried SpyBoot (updated), Ad-Aware (updated) and Avast and Kaspersky (updated) to help me get rid of the virus/problem or whatever the hell this is, but none of them were successful. Avast, though, found some ntkros.dll file that BSplayer put on my machine, which makes the old version of BSplayer finally run (the new one suxx badly) - but that is probably not related...

Any ideas are welcome!

"It is dangerous to be right in matters on which the established authorities are wrong." - Voltaire
"I believe that all the people who stand to profit by a war and who help provoke it should be shot on the first day it starts..." - Hemingway :) my config




#2 boopme


Posted 15 September 2007 - 11:12 PM

Hello trodas, welcome to BC.
I'd suggest from its name and temp file location that you follow these instructions:
Preparation Guide for use before posting a HijackThis Log

Edited by boopme, 15 September 2007 - 11:13 PM.


#3 trodas


Posted 16 September 2007 - 03:33 AM

Hehehe, I work faster! :thumbsup:

Problem found and fixed.
I found that after replacing the hal.dll file with the nonstandard size of 82 176 bytes - while hal.dll is still 66 848 bytes long, even after IE6 and DX9.0c updates for Win2k SP4 - I can now use ProceXP successfully to close the handle and hence delete the file. Hoooray! And it does not get re-created - till the next reboot, da**.

The major cause is the pmxgl32.dll file, which is likely a trojan virus. After running HijackThis.exe I got a recommendation to take a look at this file, and that was it.

Google found this link: http://forum.kaspersky.com/lofiversion/index.php/t47534.html
According to which I removed it - and voila - problems are gone! Hoooray!

Dunno how many bad files are still on my HDD, but at least no apparent problem is visible - till a new reinstall :flowers:
Nevertheless, I probably have to STOP using IE even for sites I think are safe :trumpet:

Here is the file, if anyone is interested:
http://rapidshare.com/files/56065674/785584CF_virus.zip


Mod Edit: Last link disabled, to preclude possible infection. ~tg

Edited by tg1911, 16 September 2007 - 11:35 AM.
