Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

DLL Problem


  • Please log in to reply
6 replies to this topic

#1 Lori-P_62

Lori-P_62

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Hampshire, USA ( very southwestern part)
  • Local time:01:57 PM

Posted 11 March 2014 - 05:26 AM

Hello all,

 

I'm new here and posted an intro. at the welcome section.  I'm pretty computer savvy, but need help once in awhile.  I usually find an answer online and don't need to ask anyone...haven't had to in probably 6 years.  But I can't find the answer to my present problem.

 

My husband clicked on a link that gave us the "Win32 Patched" virus/trojan.  My AVG didn't protect me and I have the paid version. But it did find it once I had it and cleaned all files up but one...rpcss.dll.  That is in the C:\Windows\System32 location.  It's a critical file that couldn't be deleted.  I found the solution and now my comp. is clean after another virus scan.  I did some research and found out how to extract that one file from my restore CD.  But that leads me to the present problem.  First, I should tell you my specs.  I have Windows Vista Home Premium 32 bit and use IE 9 and Mozilla Firefox 16.0.1.  I use Outlook Express for my email, which is where my problem is.  Actually, it's now called Windows Mail, and it's version6.  Whenever I open an email with more than one graphic,  I get an error code.  I can still open the email, but the error code pops up about 3 times and I have to keep clicking OK.  The error code says: "C:\Windows\System32\dxtmsft.dll is either not designed to run on windows or it contains an error.  Try installing the program again using the original installation media or contact your system administrator or the software vendor for support".
 
After research, I'm pretty sure it's a DirectX problem.  I found out I have DirectX 11.  It has it's own diagnostic tool and I ran it and it says it's running properly.  I read an article on Microsoft that I need a certain Windows update to fix the problem.  I think what happened is that the file from the restore cd is of course the right one, but I have done many updates since I have had Vista and probably this file has been changed during updates, and when I put the original back on my comp. it messed things up.  This is just my guess though.  In any case, I did all of the windows updates that my comp. needed but it's still doing it.  Should I d/l DirectX 11 and reinstall?  It came with my comp., so I don't have a d/l to use...it's on my restore cd I imagine.  If so, where can I get it?  I did a google search but can't find it; at least not on any website I trust.  I also can't find it on the Microsoft website.
 
Thanks for any help!
~Lori

Edited by hamluis, 11 March 2014 - 04:28 PM.
Moved from Vista to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 dls62

dls62

  • Members
  • 623 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Berkshire, UK
  • Local time:06:57 PM

Posted 11 March 2014 - 06:54 AM

Please open an elevated command prompt (Start, type cmd in the search box, right-click on cmd in the Programs section at the top of the Start Menu and select 'Run as administrator').

 

Enter the command sfc /scannow and press Enter.

 

The process should start and may take a while.  Please post the completion message and test whether the problem has been resolved.



#3 Lori-P_62

Lori-P_62
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Hampshire, USA ( very southwestern part)
  • Local time:01:57 PM

Posted 11 March 2014 - 03:33 PM

Well that was really bad.  I did the command prompt as admin. and did it exactly that way and my comp. wouldn't even load after restart.  It would only go to where you could choose safe mode, etc., but it wouldn't even start in safe mode.  I had to put my reformat cd in and choose to do a system restore and luckilly that worked.  Even more luckilly, I didn't have to actually reformat.  I am glad that cd has other options besides reformat.  I do use Carbonite cloud service to auto back everthing up, but it's a HUGE pain to reformat and then load everything again, especially all of the graphics I have.  Anyone else have any ideas that wouldn't cause my comp. to mess up?  It's just an error upon opening heavy loaded email.



#4 dls62

dls62

  • Members
  • 623 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Berkshire, UK
  • Local time:06:57 PM

Posted 11 March 2014 - 04:10 PM

One scenario is that the Trojan infection you found has dropped additional malware on your system, such as a rootkit, that has not been eradicated. We can provide assistance with verifying that if you so wish?

#5 Lori-P_62

Lori-P_62
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Hampshire, USA ( very southwestern part)
  • Local time:01:57 PM

Posted 11 March 2014 - 04:44 PM

I did a full virus scan again and it says no virus found, plus I ran an anti malware program, and I ran a registry cleaner.



#6 dls62

dls62

  • Members
  • 623 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Berkshire, UK
  • Local time:06:57 PM

Posted 11 March 2014 - 05:08 PM

IF there is a rootkit infection it cannot be guaranteed that ordinary antivirus/antimalware programs will detect it.

Bleeping Computer does not recommend any registry cleaners which can do more harm than good. Their use can, in themselves, necessitate an OS reinstall.

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,479 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:57 PM

Posted 11 March 2014 - 06:46 PM

Trojan.Win32.Patched detections are usually legitimate (critical) Windows components that have been patched by a malicious application. Malware can add parts of its code to a system component and then patch certain functions of the original file to point to an appended code.

Anti-virus and security tools may not attempt to remove these detections as doing so could result in the computer becoming unbootable. It is not advisable to delete, rename or quarantine patched Windows components as doing so may affect system stability. Even though Windows locks its main files while they are active, modifications to the patched components may still affect them. If disinfection fails, you can attempt to restore a recent System Restore point. In many cases, the patched system component will be replaced with clean version from the backup by there is no guarantee this will work.

In some cases a Win32.Patched threat detection can be indicative of a dangerous polymorphic file infector with IRCBot functionality. The difference between file infectors (viruses) and patches is that a patch just changes a few bytes and cannot spread themselves. File infectors infect (patch) the victim file and add a virus body to perform a malicious action and can infect hundreds of other files. See Patch vs File Infector.

Each security vendor uses their own naming conventions to identify various types of malware so it's difficult to determine exactly what has been detected or the nature of the infection without knowing more information about the actually file(s) involved. See Understanding virus names.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users