Shell32.dll Changed?


3 replies to this topic

#1 Learner87

Posted 19 June 2008 - 09:47 PM

My AVG antivirus detects 2 threats in my computer. It did not mention what virus I'm infected with, it just shows that shell32.dll has been changed. Need HELP here. Thanks.


#2 Juha

Posted 19 June 2008 - 11:54 PM

According to AVG, it is normal for AVG to report changes to shell32.dll and other files.

Try accepting the message.

You shouldn't worry unless it reports the file to be infected!

Edited by Juha, 19 June 2008 - 11:58 PM.


#3 Learner87

Posted 20 June 2008 - 01:40 AM

Here is the Kaspersky report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, June 20, 2008 2:33:37 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/06/2008
Kaspersky Anti-Virus database records: 782784
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 111740
Number of viruses found: 10
Number of infected objects: 23
Number of suspicious objects: 0
Duration of the scan process: 00:52:56

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\164D63B5.exe Infected: Worm.Win32.Muha.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DEC6A1D.exe Infected: Worm.Win32.Muha.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F746749.exe Infected: Worm.Win32.Muha.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27D079A9.exe Infected: Worm.Win32.Muha.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\323355B8.exe Infected: Worm.Win32.Muha.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D513578.vbs Infected: Virus.VBS.Kersuc.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\434B46F8.exe Infected: Worm.Win32.Muha.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45054288.exe Infected: Worm.Win32.Muha.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A342C28.exe Infected: Worm.Win32.Muha.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BD70711.exe Infected: Worm.Win32.Muha.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CD31B59.exe Infected: Worm.Win32.Muha.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DD83E15.exe Infected: Worm.Win32.Muha.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64BA4997.exe Infected: Worm.Win32.Muha.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77A940C7.exe Infected: Worm.Win32.Muha.a skipped
C:\Documents and Settings\PuchongDesigners\Local Settings\Temp\MicrosoftPowerPoint\Install.txt Infected: Trojan.Win32.Agent.aoe skipped
C:\heap41a\offspring\autorun.inf Infected: Trojan.Win32.AutoHK.bc skipped
C:\heap41a\reproduce.txt Infected: Virus.Win32.AutoHK.a skipped
C:\heap41a\script1.txt Infected: Trojan.Win32.AutoHK.a skipped
C:\heap41a\std.txt Infected: Trojan.Win32.AutoHK.bc skipped
C:\Program Files\LimeWire\darren hayes spin.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Program Files\QvodPlayer\Qvod.cfg Object is locked skipped
C:\Program Files\U Mobile Broadband Connection\db.dat Object is locked skipped
C:\Program Files\U Mobile Broadband Connection\db.ldb Object is locked skipped
C:\RECYCLER\S-1-5-21-3403794038-735125100-868809978-1006\Dc22.wma Infected: Trojan-Downloader.WMA.GetCodec.b skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP201\A0029978.inf Infected: Worm.Win32.AutoRun.cub skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP201\A0029979.dll Infected: Trojan-PSW.Win32.OnLineGames.qyo skipped

Scan process completed.

#4 Juha

Posted 20 June 2008 - 03:56 AM

Do you have both Norton Antivirus and AVG Antivirus currently installed on the computer? It is highly recommended that you run only one antivirus due to conflicts that could occur between the two security programs.

It looks like some of the infected files are present in Norton Antivirus Quarantine. Try emptying the Quarantine. If Norton is out of date, uninstall it as well. Also uninstall AVG. Now download Kaspersky Antivirus Free Trial (30 days). Install it. Run and scan with it, making sure it is up to date before scanning. Remove all infections it finds.

Post back the results, and hopefully we'll try to help you further (if required).

I can see that you've got LimeWire installed. You should note that programs like LimeWire, peer-to-peer file sharing programs, are usually bundled with viruses and other dangerous malware. You should always make sure you scan all files with an up-to-date antivirus upon download.

Edited by Juha, 20 June 2008 - 03:57 AM.




