Virus Or Trojan Or What? Not Sure...


#1 estebancruz


  • Members
  • 1 posts
  • Local time:01:27 PM

Posted 06 January 2008 - 08:04 PM

I have searched throughout all these forums and elsewhere, and I'm really stumped with a strange set of circumstances.

Today I had a Windows popup saying that it could not write to an external drive. Some kind of an advance write error. This is a firewire Maxtor drive I use for backing up. Sure enough, it's gone from My Computer. The drive works just fine on other machines.

When I go to Device Manager, I get an error with the header, "rundll32.exe - Bad Image" and the message, "The application or DLL C:\Program Files\WinFax\WfxSeh32.Dll is not a valid Windows image. Please check this against your installation diskette." Then another error with the same header and "DLL C:\Program Files\Qualcomm\Eudora\EuShlExt.dll is not a valid Windows image. Please check this against your installation diskette." Both of these applications work just fine, by the way.

After the errors, Device Manager comes up, and there are no errors shown. The IEEE 1394 controller is working fine, and so the external drive SHOULD be working, but it won't anymore.

Now, Kaspersky also shows an error: "Process C:\WINDOWS\system32\rundll32.exe (PID: 3284): attempt to load new or modified module was blocked."

When I click on details, there has been a string of attempts to load:

C:\WINDOWS\system32\rundll32.exe Attempt to load a new or modified module C:\Program Files\WinFax\WFXSEH32.DLL into process.
Kaspersky BLOCKS each time

C:\WINDOWS\system32\rundll32.exe Attempt to load a new or modified module C:\Program Files\Qualcomm\Eudora\EuShlExt.dll into process.
BLOCKS each time

HOWEVER, there are also repeated attempts to load:
C:\WINDOWS\system32\rundll32.exe Attempt to load a new or modified module C:\WINDOWS\system32\mmc.exe into process.
Kaspersky ALLOWS this each time!

There are also dozens of other DLLs that Kaspersky has allowed, all within a short period of time.

I've done a full scan with Kaspersky, nothing.

I've done a scan with Sophos Anti Rootkit, nothing.

I've checked every process in Task Manager, and they all seem to be OK.

There is no unusual amount of CPU activity.

Oddly, another machine did have a similar advance write error to an external drive that was not connected at the time. When I connected it, it threw up the error. However, this machine is not exhibiting any of the problems I'm having with this machine.

So now, I can't get Windows to recognize my external hard drive, AND I get this cryptic stuff every time I try to open Device Manager. I've searched everywhere for this combination of things, but I'm coming up with nothing.

Any suggestions are greatly appreciated.


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,763 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:27 PM

Posted 07 January 2008 - 03:03 PM

Are you the same poster who is already getting assistance here? If so, you should continue in that same thread. Posting at other forums only causes confusion and makes it more difficult to resolve your problem.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
