Free Antivirus Forum - Learn about antivirus, firewalls and personal security
Rundll32.exe trojan horse
   

Cokaric
New Member


Date Joined Apr 2007
Total Posts : 9
 
Posted 8-20-2008 10:59 (GMT +2)
I am infected with the trojan horse rundll.32; it cannot be removed manually. Because of rundll32.exe my explorer can be stable only for 3 s, then explorer crashes. If you know how to fix the problem please post, otherwise I will format my partition with Windows. I cannot run any program like Alcohol, Daemon Tools, Firefox 3.0, IE 7. When I plug the HDD into another computer I can't boot from the HDD; a BSOD appears for a second and the computer restarts. If I boot to safe mode explorer also crashes after 10 s.


HijackThis


Logfile of HijackThis v1.99.1
Scan saved at 22:35:48, on 20.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe
E:\Program Files\Network Associates\Common Framework\FrameworkService.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\MSN Messenger\usnsvc.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\WINDOWS\system32\taskmgr.exe
C:\Program Files\uTorrent\uTorrent.exe
D:\DarkSons files\$$Money$$\Bux.to Autoclicker\Bux.to Autoclicker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
E:\DOCUME~1\MARINC~1\LOCALS~1\Temp\Rar$EX01.797\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [FirefoxUltimateOptimizer] "C:\S desktopa\Rasporedi\Firefox Ultimate Optimizer1.1 Upload by shO\Firefox Ultimate Optimizer.exe"
O4 - HKCU\..\Run: [ViStart] E:\Program Files\ViStart\ViStart
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "E:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - E:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - E:\Program Files\IEPro\iepro.dll
O9 - Extra button: Pošalji u OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Po&šalji u OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - E:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: E:\program files\permissionresearch\prai.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - E:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - E:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - E:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: StyleXPService - Unknown owner - E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

SUPERAntiSpyware

I scanned only my partition with Windows because I have some illegal programs on D:\, and they are usually blocked after a scan and deleted; there are some keygens and cracks, nothing else, and a modified WinXP SP3 with slipstreamed programs like WLM, WMP 11, WinRAR, and Office 2007 student edition. Please don't ban me or delete this message because of this.
In my country the illegal stuff is legal; we pay taxes for CDs, DVDs, HDDs. That's the only thing I love in my country; I can't go to jail for illegal software.


AATF DarkSons

Post Edited (Cokaric) : 20-08-2008 21:18:48 GMT

 

rhen
New Member


Date Joined Sep 2008
Total Posts : 1
 
Posted 9-3-2008 11:27 (GMT +2)
Yeah, me too... My laptop is infected by this trojan.
I'm using Vundo.exe to delete it, but somehow the rundll32.exe that has been infected still can't be healed.
My explorer.exe process always terminates every time I start it.

Can someone help me too?
 

Cokaric
New Member


Date Joined Apr 2007
Total Posts : 9
 
Posted 9-4-2008 12:00 (GMT +2)
I deleted the trojan rundll32.exe

using this


http://rapidshare.com/files/137116032/Malwarebytes__Anti-Malware.rar


For removing VIRUS ALERT

http://rapidshare.com/files/140906200/Remove_Virus_Alertrar.rar


If you need Nod32

http://rapidshare.com/files/140574680/ESET_NOD32_Antivirus.rar

You will also find SUPERAntiSpyware there.

You can also download it from here

http://www.bullguard.com/forum/10/Before-posting-a-log_43566.html


The password for the rar files is darksons.com


Best regards


AATF DarkSons

 

Cokaric
New Member


Date Joined Apr 2007
Total Posts : 9
 
Posted 10-27-2008 10:38 (GMT +2)
Sorry for the late reply; you need to copy this original rundll32.exe after you remove the old one with the virus.


AATF DarkSons



File Attachment :
RUNDLL32.EXE   31KB (application/x-msdownload)
This file has been downloaded 801 time(s).