Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Missing Files?


  • Please log in to reply
5 replies to this topic

#1 sam-my

sam-my

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 25 February 2008 - 04:04 PM

My PC was running very slowly. I scanned it using SuperAntispyware which found a lot of Vundo's.
The PC is clean and running normally.
Now, after restart, I get a window titled: RUNDLL with the following:
"error loading C:\WINDOWS\System32\xgyndcia.dll The specified module could not be found"
What this means?

I checked in the SuperAntispyware Quarantine files and found there, two files named
C:\WINDOWS\System32\XGYNDCIA.DLL (infected with Adware.Vundo-Variant/Small-A)

Please, need assistance. Thanks

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,384 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:28 AM

Posted 25 February 2008 - 04:42 PM

OK.

The error message indicates that the system still has a marker in startup for the malware which has been removed and quarantined. You can correct that by using a program like Autoruns to disable/delete that startup marker.

AutoRuns for Windows v8.73 - http://www.microsoft.com/technet/sysintern...s/AutoRuns.mspx

All startup items you are interested in...are on the Logon tab of Autoruns, I believe.

There is no point at all in saving files which are malware. I know that SAS automatically quarantines...but you can then use the Quarantine Management function to delete anything which has been quarantined.

Louis

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,846 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:28 AM

Posted 26 February 2008 - 01:59 AM

Hello sam-my and welcome to BC :flowers:

In addition to using AutoRuns as Hamluis suggested, I would also do a scan with SUPERAntiSpyware in Safe Mode to see if anything else is lurking.

Here are more specific directions for using AutoRuns:

Download Autoruns, search for the related entry and then delete it.
  • Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
  • Open the folder and double-click on autoruns.exe to launch it.
  • Please be patient as it scans and populates the entries.
  • When done scanning, it will say Ready at the bottom.
  • Scroll through the list and look for a startup entry related to the file(s) in the error message.
  • Right-click on the entry and choose delete.
  • Reboot your computer and see if the startup error returns.
Here are the instructions for SUPERAntiSpyware. You might wish to print them out or paste them in notepad so you have them available when you are in Safe Mode.

Download and install SUPERAntiSpyware free found here: SUPERAntiSpyware

Be sure to click on the download button to the left, not on the free trial download on the right.

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
Reboot into Safe Mode
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
Reboot into Normal Mode
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.

Please post the log in your next reply.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#4 sam-my

sam-my
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 26 February 2008 - 03:44 PM

Many thanks to you Louis and Orange Blossom for your prompt answers and your kind guidance.
1. I downloaded AutoRun program and ran it
I checked several times but could not find the startup error message.
I rebooted the PC the error message didn't reappeared???

2. I proceeded as advised with SAS in SafeMode. After the scan I got
"No harmful software was detected"

3. Orange Blossom, would you like me to post the log I got when I ran SAS the first time, where I found many (hundreds) items - as I mentioned in my previous thread.

4. What should I do with all these files (malware) in quarantine in SAS

Many thanks

#5 hamluis

hamluis

    Moderator


  • Moderator
  • 55,384 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:28 AM

Posted 26 February 2008 - 04:14 PM

Delete those files...unless you intend to start a library of such :thumbsup:.

If you don't delete them, some malware defense will detect them every time you do complete scans and you'll be looking for gremlins which have already been neutralized.

Louis

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,846 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:28 AM

Posted 01 March 2008 - 02:18 AM

My PC was running very slowly. I scanned it using SuperAntispyware which found a lot of Vundo's.


I was just rereading this topic and noticed the above which somehow I missed the first time. I think it would be a good idea to follow the directions in this guide to make sure you have gotten rid of all the Vundo. SAS is good, but it doesn't find all Vundo files. If you have any questions while going through the guide, please post them as a reply to this thread. Pease post the Vundo log as a reply when you have finished the guide.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users