Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rundll Error Message On Start-up


  • This topic is locked This topic is locked
4 replies to this topic

#1 Jake Tipler

Jake Tipler

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:24 PM

Posted 18 August 2008 - 02:10 AM

Recently I got a trojan on my computer which installed a numer of viruses and malware.
Specifically I got an error message saying automatic updates was not turned on - even though it was and when I started my internet browser (firefox) I was often directed to a site called 'crush-o-meter'. I was also periodically disconnected from my wireless internet.
I have managed to stop the above problems from happening by running every virus check known to man (Ad-aware, BitDefender, SpyBot, Avast, Housecall and McAfee Stinger etc). A couple of them have infections that they cannot remove - usually with a message saying the specific file could not be deleted or could not be found and so I think there may be malware still active on my computer.
My main problem is I still have two run dll error messages on startup (and who knows what else). The error messages are as follows:
Rundll
The specified module could not be started: ammusdek.dll
& the same message but with ebuveold.dll.
I have attached a Hijack This log in a hope that someone may be able to help me remove these (and other hidden viruses).
Please help - I am desperate to get my computer running smoothly again asap.

Thanks heap in advance :-)

Jake

Attached Files



BC AdBot (Login to Remove)

 


m

#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:24 PM

Posted 18 August 2008 - 02:25 AM

Hello Jake Tipler,

Welcome to Bleeping Computer :thumbsup:

First you should know that you're actually doing more harm than good by running 3 Anti Virus programs. (BitDefender, AVG, and Avast!) When you do this all 3 programs compete for resources, and the end result is none does it's best and can cause system instability. I recommend that you choose the one you want to keep, update it, disable or uninstall the other ones, and use them as an on demand only scan occasionally. Please do this first, then reboot and go on with the rest of the directions. :)

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {00A2B950-5941-4C01-8F82-8FA71DB5FD02} - C:\WINDOWS\system32\awtsPJBt.dll (file missing)
O2 - BHO: {e25d9b6a-c0b1-9b7b-eb24-419ab5db7ea2} - {2ae7bd5b-a914-42be-b7b9-1b0ca6b9d52e} - C:\WINDOWS\system32\uvpxtl.dll (file missing)
O2 - BHO: (no name) - {38B9D19D-021A-4282-A2BD-F9E40DCBA8C9} - C:\WINDOWS\system32\tuvWomkk.dll (file missing)
O2 - BHO: (no name) - {741A1207-2A4C-47CE-BD57-D4D82F36BF2E} - C:\Documents and Settings\Jake\Local Settings\Temporary Internet Files\Content.IE5\K1MV0DEV\3077htsbdjyf[1].dll (file missing)
O2 - BHO: (no name) - {A58BA366-F6DB-4F4F-BF3F-078AFAC82C54} - C:\WINDOWS\system32\wvUnKeBT.dll (file missing)
O4 - HKLM\..\Run: [2caa862c] rundll32.exe "C:\WINDOWS\system32\ammusdek.dll",b
O4 - HKLM\..\Run: [BM2f99b5b0] Rundll32.exe "C:\WINDOWS\system32\ebuveold.dll",s
O20 - Winlogon Notify: tuvWomkk - tuvWomkk.dll (file missing)


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 Jake Tipler

Jake Tipler
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:24 PM

Posted 19 August 2008 - 01:18 AM

Thank you very much for your help - It looks as though you have solved the problem (I think...)
Typically I don't use more than 1 virus checker however I installed them all to remove this virus - but thank you for the advice none the less.
As requested I have attached the ComboFix log and a new HijackThis log.
Once again thank you for your help! :-)

Regards,
Jake

Attached Files



#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:24 PM

Posted 20 August 2008 - 01:03 AM

Hello there,

Looks really good, and glad it's running better. :thumbsup: Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

If there are no further problems:

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

You should definitely maintain a firewall. Some good free firewalls are Kerio, or Outpost. I use Comodo on my own system and really like it. http://comodo.com
A tutorial on understanding and using firewalls may be found here.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

Take care!
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:24 PM

Posted 11 September 2008 - 05:30 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users