XP startup woes



#1 MotherMary


Posted 23 January 2010 - 05:16 PM

My husband, bless his heart, knows enough about his computer to turn it on. I don't usually pay attention to his computer unless he has a problem.

This afternoon, he suddenly lost all contact with the Internet. After futzing around with ipconfig, netsh, & etc., I finally discovered that his network connection had gotten corrupted somehow. I fixed it, and as I write he's happily webbing away.

In the process of a lot of trying this and that, I restarted his computer several times. Each time, the XP told me "dimisawo.dll could not be found" and "Windows can't find logon.exe."

I have NO IDEA what either the library or the EXE is about. I've tried searching for both filenames, but I can't even remember the name of the site that tells you what program a mystery library is associated with.

His Startup folder is empty. I have a half-memory of a subdirectory of C:\WINDOWS that contains automatic startup files separate from the Startup folder, but I can't find it on his machine, which means I'm looking in the wrong places.

How do I fix hubby's startup so he doesn't get these error messages? And, once he's fixed, what sort of regimen ought I to start him on, e.g., Malwarebytes daily, SAS weekly, ZoneAlarm firewall, etc., etc.?



#2 hamluis


Posted 23 January 2010 - 06:38 PM

A little info on the file dimisawo.dll, http://www.prevx.com/filenames/36276317011...MISAWO.DLL.html, a little info on logon.exe, http://www.processlibrary.com/directory/files/logon/ (Ignore all ads & solicitations).

The fact that these files cannot be found on his system...probably means that his system was infected, but something removed the infected files named. But the pointers to run the infected files were left behind.

You can use AutoRuns for Windows - http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx to disable/remove the pointers.

Once Autoruns is installed...go to the Logon tab. This will display the startup items, both from the registry and from files. If you have any doubt about what an item may be...use Google to look up data on it. Disable rather than delete...any item you are unsure of. Do not search any of the other tabs in Autoruns.

There is also the possibility that your husband's system is infected...or will become infected again. Few, if any, users change their habits which led to infection.

To counter that, I suggest seeing that SP3 and all subsequent critical updates are installed right away. That includes IE 8 and the critical updates that apply to it.

I would keep Malwarebytes and SUPERAntispyware installed, updated, and used on any system I had control over. Ditto for a reliable free AV program, such as Avira AntiVir, http://www.softpedia.com/progDownload/Anti...nload-6527.html. Click the Softpedia Secure Download (US) button.

People always ask about the frequency of scans with AV/antimalware programs. My answer to that is...every second of every day, something is trying to either sabotage my systems or obtain information from them...there is no schedule in effect for these idiots, and I don't believe there should be a schedule in effect for those who are trying to prevent such. That's why it's good to have an AV program that scans constantly...and a firewall that is in operation 24/7.

SUPERAntispyware...I run every 5 days or so, Malwarebytes I have installed for reasons of familiarity, not because I routinely find infections on my systems.

Some of the personnel at one of our malware forums can probably give you a better idea of how to protect your systems, take a visit to http://www.bleepingcomputer.com/forums/f/25/antivirus-firewall-and-privacy-products-and-protection-methods/.

Louis
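
The "pointers left behind" described in the reply above can also be listed from a PowerShell prompt. This is an added example, not part of the original thread: it only reports values in the four standard Run/RunOnce registry keys whose target file no longer exists, and changes nothing. The function names are hypothetical, and the command-line parsing is a heuristic, so treat each hit as an item to review in Autoruns rather than a verdict.

```powershell
# Added example (not from the thread): report Run/RunOnce values whose file is gone.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-StartupTarget {    # hypothetical helper: which file does this command load?
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    # 1) quoted path, 2) unquoted path ending in a 3-character extension, 3) first token
    if     ($cmd -match '^"([^"]+)"\s*(.*)$')                     { $exe = $Matches[1]; $rest = $Matches[2] }
    elseif ($cmd -match '^(.+?\.[A-Za-z0-9]{3})(?=\s|$)\s*(.*)$') { $exe = $Matches[1]; $rest = $Matches[2] }
    elseif ($cmd -match '^(\S+)\s*(.*)$')                         { $exe = $Matches[1]; $rest = $Matches[2] }
    else   { return $null }
    # rundll32 is only the loader: the file that matters is the DLL before the comma.
    if ((Split-Path $exe -Leaf) -match '^rundll32(\.exe)?$' -and $rest -match '^"?([^",]+)"?') {
        return $Matches[1].Trim()
    }
    return $exe
}

function Test-TargetExists {    # hypothetical helper
    param([string]$Target)
    if (-not [IO.Path]::GetExtension($Target)) { $Target += '.exe' }
    if (Split-Path $Target -IsAbsolute) { return (Test-Path -LiteralPath $Target) }
    # Bare file name: search the PATH directories (System32 is among them).
    foreach ($dir in ($env:Path -split ';' | Where-Object { $_ })) {
        if (Test-Path -LiteralPath (Join-Path $dir $Target)) { return $true }
    }
    return $false
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $value  = [string]$item.GetValue($name)
        $target = Get-StartupTarget $value
        if ($target -and -not (Test-TargetExists $target)) {
            # Orphaned pointer: the value still runs at logon, but its file is missing.
            New-Object PSObject -Property @{
                Key = $key; Name = $name; Command = $value; MissingTarget = $target
            }
        }
    }
}
```

Run it from the account that sees the error messages, since the HKCU keys are per-user.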

#3 MotherMary


Posted 24 January 2010 - 01:07 PM

Louis, I HOPE you can help with this new symptom!

I did two things yesterday after writing to you, and I imagine I did them in the wrong order. My husband has been using an antivirus program called VIPRE, and he ran a full scan on Friday and found nothing wrong. So the first thing I did to address the two malware files was to obtain and use Uniblue's Registry Guard. The second thing I did was obtain Malwarebytes and run a full scan, and alas, it didn't even occur to me to run it in Safe Mode, since VIPRE said Jerry's computer was just fine.

Malwarebytes found more than 200 viruses and other malware, including roughly 60 copies of Virtumundo. AAARRGH! So when MWAM said to restart Jerry's computer, I did.

After the computer restarted, it told me repeatedly that "putevama.dll" was not a valid Windows image. Well, DUH! I believe it's malware, disguised as a system file so I CAN'T delete it. After about two minutes, Jerry's computer announced that it was no longer linked to the Internet. Again, ipconfig said otherwise.

This was at suppertime last night. So today, I decided the best thing to do would be to start in Safe Mode and run MWAM again. The computer WOULDN'T LET ME!! It only allowed "Last known good configuration."

As I type these words, MWAM is doing a second full scan, and Jerry's computer APPEARS to be just fine. But I'm assuming that if it wouldn't allow me to start in Safe Mode, it is NOT just fine. What ought I to do now? SAS?

#4 hamluis


Posted 24 January 2010 - 01:31 PM

I believe that Virtumonde is the province of one of our malware forums...they can provide the guidance that you need to deal with such.

Read and follow the accompanying guide, from this point on.

http://www.bleepingcomputer.com/virus-remo...undo-virtumonde. Note the section that begins "If you continue to have problems..."

Louis



