Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Sent to wrong diretory for Rundll32.exe


  • Please log in to reply
No replies to this topic

#1 TaskMaster

TaskMaster

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:54 AM

Posted 26 June 2010 - 07:19 PM

HISTORY: Running XP home that was upgrade from Millennium. A few months ago the wife complained about her very slow computer so I ran the spy-bot and AVG that were installed on her system. They found nothing important. Then cleared computer of these two programs by doing uninstall. Then I installed Microsoft Essential Security followed by a full scan. When I ran Essential Security it did find some issues but nothing major. Lately she has again been complaining about her computer and a couple of days ago she lost her ability to print to the network printer. In the process of trying to repair the printer I noticed that Microsoft Essential Security was not running. I was unable to start the Essential Security program. Took the computer off the network/internet and installed and ran Mal-ware bytes found 18 Trojans. bots, and loggers. Then installed and ran Nod32 and it found 2 more. I had both programs clean and delete problems. I then installed the printer and it now worked. So I went to Add Remove Programs to remove Spybot and I received the following message. "Windows cannot find c:\WINDOWS\rundll32.exe".

I did a search for the file and copied the file to the location wanted. clicked on the Add Remove Programs and Malware stop the action because a Backdoor.bot had been activated. Since I could not remove Microsoft Essential Security I did a system restore to a previous point and reinstalled Malware bytes.

Then I did something dumb I decided to update windows XP Home to XP Pro hoping it would correct the misdirection. Upon the completion of the upgrade, which was a problem because of needing device drivers the was no change in the ability to run Control Panel programs. Computer is still looking for rundll32.exe in the wrong location. Again a copy of rundll32.3exe to the c:\windows\ location activated a Backdoor.bot that Malware stopped.

ACTIONS TAKEN:
Turned system auto update back on. (I was off but should have been on.) Installed 79 windows updates.
Set a System Restore Point and turned off automatic System Restore.
Searched for all copies of rundll32.exe and deleted the same.
Reinstalled rundll32.exe file from XP Pro CD.
Ran regedit and searched for C:\WINDOWS\rundll32.exe in it. found nothing with this path and file combination
Did search for path statement C:\WINDOWS\rundll32.exe in any file on the computer. Found only in the log of Malware Bytes.
Did search for Backdoor.bot or backdoor as file or in register and system wide file search. None were found. Look in system and/or hidden files and directors was turned on.
Ran Rkill followed by Malware Bytes full scan. Nothing found.
Ran_XP_EXE_fix_Reg for registry direction repair. Still cannot run Control Panel programs.


This is where I sit. The computer operates as long as I do not try to use the Control Panel Programs. I have no idea what to try next.

I know that I can do a wipe and a clean install but the problem is that in January of the year we were robbed. One of the items taken was all my software. Some of which I do not even believe is available any more. If there is any way possible I would like to fix this problem. "Windows cannot find c:\WINDOWS\rundll32.exe"

Roger

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users