Ad Aware Scan



#1 heavydude

Posted 13 October 2011 - 04:39 PM

I ran an Ad Aware scan today. In addition to removing some malware it quarantined the following:

Quarantined items:

Description: c:\users\jack\appdata\local\drmpadtray\rasmapppm.dll Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: b916834dd7cd8c4b43ef753e05b316c3

Description: c:\users\jack\appdata\local\drmpadtray\rasmapppm.dll Family Name: Win32.Trojan.Sefnit Engine: 1 Clean status: Reboot required Item ID: 0 Family ID: 4244776 MD5: b916834dd7cd8c4b43ef753e05b316c3

During reboot I could see that the item was removed. But when reboot completed, an error message came on to the screen that said:

Error loading
c:\users\jack\appdata\local\drmpadtray\rasmapppm.dll
The specified module could not be found.

If the item was properly quarantined and removed, then why is there an error message?

Is there something further I need to do or just close it and ignore it?

#2 Broni

Posted 13 October 2011 - 08:24 PM

Usually it's a registry leftover.

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
Go to File > Save, and save it as an AutoRuns.txt file to a known location.
You must select Text from the drop-down menu as the file type.

Upload the file(s) here: http://www.filedropper.com/
Post the download link (copy URL: link).

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 heavydude

Posted 14 October 2011 - 12:44 AM

Here it is:

http://www.filedropper.com/autoruns_7

I see an entry for the rasmapppm.dll.

I also see a couple of entries for Lavasoft that can also go since I deleted Ad Aware.

What do I do next?

Thanks.

#4 Broni

Posted 14 October 2011 - 10:41 AM

Yeah, re-run Autoruns, right-click on the following entries and click "Delete":
+ "rasMapppm"
+ "LavasoftShellExt"

Restart computer.

Any other issues?

#5 heavydude

Posted 14 October 2011 - 11:37 AM

I see several entries that say "file not found."

Delete those, too?



Thanks for the help.

#6 Broni

Posted 14 October 2011 - 11:40 AM

I can see a couple more related to Ad-aware (Lavasoft). You can delete those as well.
Leave the others alone.
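
A read-only way to list the kind of registry leftover discussed above, as an added example that is not part of the thread and is not Sysinternals or BleepingComputer code. It assumes the stale entry sits in a Run/RunOnce key (Autoruns inspects many more autostart locations) and it only reports, never deletes:

```powershell
# Added example: report Run/RunOnce autostart values whose target file no longer exists.
# Assumption: the leftover is a Run/RunOnce value such as a rundll32 command that
# names a DLL already removed by the scanner. Nothing is modified by this script.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Matches a full drive path ending in an executable-style extension, whether the
# command quotes it, leaves it bare with spaces, or follows it with ",EntryPoint".
$pathPattern = '(?i)[a-z]:\\[^":<>|*?,]+?\.(?:exe|dll|bat|cmd|vbs|js)(?=[\s",]|$)'

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $raw      = [string]$regKey.GetValue($name)
        $expanded = [Environment]::ExpandEnvironmentVariables($raw)
        foreach ($m in [regex]::Matches($expanded, $pathPattern)) {
            # Report only targets that are missing on disk.
            if (-not (Test-Path -LiteralPath $m.Value -PathType Leaf)) {
                [pscustomobject]@{
                    Key     = $key
                    Value   = $name
                    Missing = $m.Value
                    Command = $raw
                }
            }
        }
    }
}

if ($findings) {
    $findings | Format-List
} else {
    'No Run/RunOnce value points at a missing file.'
}
```

Commands that name a file without a full path (resolved through PATH) are not checked, and a missing target alone does not make an entry safe to delete, so review each result before removing anything.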

#7 heavydude

Posted 14 October 2011 - 12:39 PM

OK.

Thanks.

#8 Broni

Posted 14 October 2011 - 12:40 PM

You're very welcome
