Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Registry file with a trojan quarantined, now internet issues


  • Please log in to reply
5 replies to this topic

#1 Sigmatam

Sigmatam

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:55 AM

Posted 31 January 2014 - 04:20 PM

Hello,

 

It appears that I have a registry file that has been infected with a trojan horse.  As a result, Norton Symantic Quarantined it and now my internet does not work properly. 

 

Upon windows startup I get the error message: LoadLibrary ("C:\Documents and Settings\tammy yax\ localsettings\ApplicationData\XDNsoft\aqReporter.dll") failed- the specified module could not be found.

 

Everytime I open any program that uses the internet the program doesn't work at all or is extremely laggy.  I've tried researching the problem online, but cannot find any real information on this issues. 

 

Unfortunately, it seems my computer needs this quarantined file in order to run properly. Apparently it's a RegSVR32 file. 

 

Norton gives the option to take the file out of quarantine, but I am reluctant to do so with a trojan on it.  My operating system is Windows XP.  Before this file was quarantined I didn't notice any issues with my computer other than norton blocking serveral trojan attacks within the same 2 day period. 

 

I've run a full system antivirus scan with Norton, and even tried system restore.  Don't know what else to try.  Any help would be greatly appreciated. 

 

Thank you. 

 

Not sure if it helps, but below is the Norton Quarantine log:

 

~Tam

 

 

Filename: aqreporter.dll
Threat name: Trojan HorseFull Path: c:\documents and settings\tammy yax\local settings\application data\xdnsoft\aqreporter.dll

____________________________

Details
Unknown Community Usage,  Unknown Age,  Risk High

Origin
Downloaded from
 Unknown

Activity
Actions performed: Actions performed: 1

____________________________

On computers as of Not Available
Last Used 1/7/2014 at 3:17:09 AM
Startup Item No
Launched No

____________________________

Unknown
It is unknown how many users in the Norton Community have used this file.

Unknown
This file release is currently not known.

High
This file risk is high.

No details available.

____________________________

Source: External Media

____________________________

File Actions

File: c:\documents and settings\tammy yax\local settings\application data\xdnsoft\aqreporter.dll
Removed
____________________________

File Thumbprint - SHA:
5464cfccfdb37b43a50a778fbc972d9151e80e0d4ad7d945b1
3bd40ec5296043
File Thumbprint - MD5:
Not available

 



BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:55 AM

Posted 31 January 2014 - 08:50 PM

Hello and welcome Sigmatam..
For the connection try these...

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

OR

Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.


>>>>>>>>>

Its not unusual to receive such an error after using specialized fix tools.

A "Cannot find...", "Could not run...", "Error loading... or "specific module could not be found" message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was mostly likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download Autoruns, search for the related entry and then delete it.

Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
Open the folder and double-click on autoruns.exe to launch it.
Please be patient as it scans and populates the entries.
When done scanning, it will say Ready at the bottom.
Scroll through the list and look for a startup entry related to the file(s) in the error message. -->>> aqreporter.dll
Right-click on the entry and choose delete.
Reboot your computer and see if the startup error returns.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Sigmatam

Sigmatam
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:55 AM

Posted 02 February 2014 - 10:08 AM

It seems I can't download autoruns as I get the message, "we're sorry, the page you requested cannot be found."  Is there another way/ link to download this?



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:55 AM

Posted 02 February 2014 - 11:40 AM

http://technet.microsoft.com/en-us/sysinternals/bb963902
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Sigmatam

Sigmatam
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:55 AM

Posted 04 February 2014 - 10:01 AM

Thanks for helping me with the fix.  That seemed to resolve all the issues.  I wish I could hug you!  :bounce:



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:55 AM

Posted 04 February 2014 - 10:49 AM

You're welcome Tammy  (accepting hug :hug:  :grinner: )
 
I would still like to run this.
 
 
ADW Cleaner
Please download AdwCleaner by Xplode and save to your Desktop.
[list]
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • .

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users