Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


trojan rundll error and redirecting searches

  • Please log in to reply
1 reply to this topic

#1 pinebapple


  • Members
  • 3 posts
  • Local time:03:42 AM

Posted 26 April 2011 - 10:23 PM

Hello. I am currently running microsoft malicious software removal tool again-this time full scan. I ran it earlier and it found the rundll32 trojan which it said would be removed after restart. Except on restart I got the familiar pop up window "error loading c:\windows\wmadl32.dll The specified module could not be found". I have mcafee which had found the same trojan a week ago and quarantined it. I uninstalled my malwarebytes and reinstalled it then run it again. No matter what I have tried so far, after they all clean the comp, at some point the comp is restarted and the dreaded pop up comes up again. Is it a virus or did I mess something up trying to clean out the trojan? When I do a google search usually whichever link I first click on ends up being a redirect to another website. I appreciate any help, thanks!
P.S. I am new to the forum and to protocol so I am not sure what info is needed about the comp to start the help process but the comp is an hp laptop with windows xp.

BC AdBot (Login to Remove)


#2 pinebapple

  • Topic Starter

  • Members
  • 3 posts
  • Local time:03:42 AM

Posted 27 April 2011 - 11:51 PM

fport reports all open TCP/IP and UDP ports and maps them to the owning application.
This is the same information you would see using the 'netstat -an' command, but it also
maps those ports to running processes with the PID, process name and path. Fport can be
used to quickly identify unknown open ports and their associated applications.

FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
Pid Process Port Proto Path
392 svchost -> 135 TCP C:\WINNT\system32\svchost.exe
8 System -> 139 TCP
8 System -> 445 TCP
508 MSTask -> 1025 TCP C:\WINNT\system32\MSTask.exe

392 svchost -> 135 UDP C:\WINNT\system32\svchost.exe
8 System -> 137 UDP
8 System -> 138 UDP
8 System -> 445 UDP
224 lsass -> 500 UDP C:\WINNT\system32\lsass.exe
212 services -> 1026 UDP C:\WINNT\system32\services.exe

The program contains five (5) switches. The switches may be utilized using either a '/'
or a '-' preceding the switch. The switches are;

/? usage help
/p sort by port
/a sort by application
/i sort by pid
/ap sort by application path

For updates visit: www.foundstone.com

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users