shell32.dll pesky download


4 replies to this topic

#1 drdbkarron


Posted 18 July 2012 - 11:02 AM

Mod Edit: moved from Win 7 to Am I Infected forum~~ boopme
Dear Bleepers;

I have a colleague who is being attacked by some process,
across multiple browsers that is trying to download
shell32.dll (which contains icons and more shell customizations).

I cleaned it out once, I had thought, but like the cat, it came back.

This user won't upgrade her Java because her
favorite chatroom advises against it,
or she can't fully participate because of problems
with the latest java update.

She has permitted me to teamview in with her and I hope to
capture and log more details.

I will run ComboFix again and make certain the firewalls are up
and let's see if I get more reports.

Cheers!

dr. K

Edited by boopme, 18 July 2012 - 03:09 PM.




#2 boopme



  • Global Moderator

Posted 18 July 2012 - 07:57 PM

Hello, having run ComboFix, we need to see that and a DDS log.

Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
Skip the GMER step and instead post the ComboFix log you have.

Let me know if that went well.

#3 drdbkarron


Posted 23 August 2012 - 09:59 PM

The problem is still active, and unresolved.
I will try to get logs from my client.

#4 boopme


Posted 24 August 2012 - 03:43 PM

OK, you will need to post them per the Prep Guide.

#5 drdbkarron


Posted 30 August 2012 - 03:52 PM

I got one good log.
The system seemed to require a reboot; after running ComboFix it seemed
that every program link was bad and Windows 7 asked if I wanted to delete the
link (on quick links, start menu...). I declined and rebooted. I will
rerun ComboFix when I get back in. My client is not happy with such intrusive
procedures when she is just letting the downloads take up a second display.

One thing I notice in the ComboFix log is that the shell64.dll is immense.
Details to follow (I have to log in to the client machine and post from there).



