Posted 29 October 2006 - 12:38 PM
A little background:
I have a Win98 system with 5 users. 6, if you count the default user (click on cancel at the Windows Login dialog box). When I found I was infected the other day, I manually cleaned up my PC while logged in as a user. Or so I thought. I then logged in under the users to make sure it was clean. I found other malware on these logins, and now the one I thought I had cleaned up is re-infected. Also, sometimes I get a lot of "rundll32 has performed an illegal operation" errors, sometimes I get none. Periodically, I restore rundll32.exe from the CAB files, which seems to help for awhile. But then it comes back. I am now trying to work through the guide before posting HijackThis logs.
1. Do I have to go through the malware removal cycle (scan, post HijackThis logs, etc.) for each of these users?
2. Should the scans such as Ad-Aware, Spybot, SuperAntiSpyware, etc. be run all in safe mode, or logged in as a user?
3. Are the rundll32 errors caused by malware?