Cheating Network

WTB Help with virus

09-03-2008, 09:39 PM   #1
ninpo (Senior Member)
Join Date: May 2008
Posts: 717
Reputation: 12
WTB Help with virus

So I have this virus, it's been slowing down my internet. Last time I couldn't find a resolve so I rebooted the computer with files intact. I deleted most files that I didn't need anymore, old accounts in documents and settings, lots of old programs and many others. But now for some weird reason the virus resurfaced. I have tried a lot of antiviruses, none of them have really done me any good. So here's my proposition, I will pay someone to figure out how to get rid of this virus (I think it's a virus). I am paying $5 by PayPal, $10 if I can find the resolve within 24hrs. Oh, also the file keeps coming back up on startup as a different name as a rundll.exe process.
Every time I either delete or disable it on startup it keeps coming back. I'm not really computer smart I suppose so any help or advice is helpful. If you don't want money then help a fellow cn. (well that's corny)



Is it a virus?

EDIT 9/5/08. It was malware. Thanks everyone for trying to help.

Last edited by ninpo; 09-05-2008 at 08:57 AM.

09-03-2008, 09:41 PM   #2
sc4fpse (I said "NOT FUCKING SCAF")
Join Date: Dec 2007
Location: Somewhere in Michigan.
Posts: 1,632
Reputation: 72

Oh, so it's YOUR internet now? Huh? How about sharing with the rest of us.


:p
__________________
high6: I'm gonna go let my beast out.

09-03-2008, 09:44 PM   #3
ninpo (Senior Member)
Join Date: May 2008
Posts: 717
Reputation: 12

Confused.

09-03-2008, 09:44 PM   #4
djmattcsc (Senior Member)
Join Date: Jul 2008
Posts: 391
Reputation: 28

I PM'd you

09-03-2008, 09:47 PM   #5
twisted1122 (Senior Member)
Join Date: Aug 2008
Posts: 289
Reputation: 16

Have you tried HijackThis Logfileauswertung? If not, then download the program, run it, save a txt file of the results, then copy and paste back to the site where it says "You can paste a logfile in this textbox", press analyze, then look for red X's, I believe. Go back and manually delete them where the program stands. Hope it helps, if you need any more help PM me.

09-03-2008, 09:47 PM   #6
Derkel (Lol wut?)
Join Date: Jul 2008
Location: Somwhere Awesome Awesomeness: Over 9000
Posts: 846
Reputation: 117

Ok, so go to run and then type in msconfig, from there go to the start up tab, you'll see all the programs that start up automatically when you log on to windows, just uncheck the programs you don't remember installing and then apply, after that restart and bada bing, bada boom, it's fixed
__________________


(Play Music in Sig for Post Epicness)
"Everything is Illegal" -Ron Paul

09-03-2008, 09:50 PM   #7
TJ (Social Engineering Expert)
Join Date: Dec 2007
Location: America
Posts: 960
Reputation: 63

Yeah, what Derkel said should fix it, it could just be some malware starting up every time you turn on your computer.

Oh wait, I just now noticed the picture.

09-03-2008, 09:54 PM   #8
Derkel (Lol wut?)
Join Date: Jul 2008
Location: Somwhere Awesome Awesomeness: Over 9000
Posts: 846
Reputation: 117

Quote:
Originally Posted by TJ
Yeah, what Derkel said should fix it, it could just be some malware starting up every time you turn on your computer.

Oh wait, I just now noticed the picture.

Yeah, I had some malware like that and I had 4 processes named random crap like kfakfj34d3a and msconfig fixed it up
__________________


(Play Music in Sig for Post Epicness)
"Everything is Illegal" -Ron Paul

09-03-2008, 09:57 PM   #9
thats2badm (Senior Member)
Join Date: Dec 2007
Posts: 812
Reputation: 17

Download ESET NOD32 and run a scan.

DLL viruses are usually hard to get rid of. They hide in your system runtime and stuff.

09-03-2008, 09:59 PM   #10
ninpo (Senior Member)
Join Date: May 2008
Posts: 717
Reputation: 12

Quote:
Originally Posted by twisted1122
Have you tried HijackThis Logfileauswertung? If not, then download the program, run it, save a txt file of the results, then copy and paste back to the site where it says "You can paste a logfile in this textbox", press analyze, then look for red X's, I believe. Go back and manually delete them where the program stands. Hope it helps, if you need any more help PM me.

That's helpful, but it just came out as question marks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:46 PM, on 9/3/2008
Platform: Windows XP SP3, v.3300 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\ijji\ENGLISH\u_gbound.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Mozilla Firefox\Firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\msconfig.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\system32\msconfig.exe /auto
O4 - HKLM\..\Run: [BMffe3b199] Rundll32.exe "C:\WINDOWS\system32\smvtgtgx.dll",s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O20 - AppInit_DLLs: fbcbic.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EasyHideIP - Unknown owner - C:\Program Files\Easy-Hide-IP\services\EasyHideIp.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: TCP/IP Print Server (LPDSVC) - Unknown owner - C:\WINDOWS\system32\tcpsvcs.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6986 bytes
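
Added example, not part of any post in this thread: HijackThis logs pasted into forums often arrive wrapped mid-entry, which makes the startup entries that load a DLL (an O4 Run value calling rundll32, and the O20 AppInit_DLLs value) easy to overlook. This Python code rejoins wrapped entries and lists those DLLs for manual review; the function names and the allowlist are assumptions, and a listed DLL is a lead to check, not a verdict.

```python
import re

# Sample input: entries copied from the log posted in this thread, keeping the
# forum's mid-entry line wraps and blank lines.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BMffe3b199] Rundll32.exe

"C:\WINDOWS\system32\smvtgtgx.dll",s
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32

advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O20 - AppInit_DLLs: fbcbic.dll
O23 - Service: ATI Smart - Unknown owner -

C:\WINDOWS\system32\ati2sgag.exe
"""

ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|O\d{1,2}) - ")
O4_ENTRY = re.compile(r"^O4 - (?P<key>\S+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)', re.I)
# Assumption: short allowlist of Windows DLLs legitimately launched via rundll32.
KNOWN_RUNDLL_TARGETS = {"advpack.dll", "shell32.dll", "setupapi.dll"}


def join_wrapped(text):
    """Rebuild one entry per line; a line without a section code continues the previous one."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def review(entries):
    """Return (section, name, dll) for autorun entries that load a DLL worth checking by hand."""
    findings = []
    for entry in entries:
        o4 = O4_ENTRY.match(entry)
        if o4:
            hit = RUNDLL.match(o4["cmd"])
            if hit:
                dll = hit["dll"].strip().rsplit("\\", 1)[-1].lower()
                if dll not in KNOWN_RUNDLL_TARGETS:
                    findings.append(("O4", o4["name"], dll))
        elif entry.startswith("O20 - AppInit_DLLs:"):
            # AppInit_DLLs is mapped into every process that loads user32.dll.
            for dll in re.split(r"[ ,]+", entry.split(":", 1)[1].strip()):
                if dll:
                    findings.append(("O20", "AppInit_DLLs", dll.lower()))
    return findings


if __name__ == "__main__":
    for finding in review(join_wrapped(SAMPLE_LOG)):
        print(finding)
```
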

09-03-2008, 10:05 PM   #11
dragonz2444 (Senior Member)
Join Date: Aug 2008
Posts: 425
Reputation: 19

Well, here's my 24-hour fix:
download windows vista or xp - 5-6 hours depending
install windows vista or xp - hell, let's say 10 hours
install NOD32 or norton or whatever, all your drivers, .net and service packs - 4 hours

TOTAL - 20 hours (I win!)

No need to pay me, it's all free

09-03-2008, 10:07 PM   #12
ninpo (Senior Member)
Join Date: May 2008
Posts: 717
Reputation: 12

I have about 5 copies of xp, but that's too easy. I want to find the source that's creating these files.

09-03-2008, 10:08 PM   #13
ComicConned (Senior Member)
Join Date: Mar 2008
Posts: 182
Reputation: 12

Download Avast, reboot in safe mode, run scanner

09-03-2008, 10:12 PM   #14
ninpo (Senior Member)
Join Date: May 2008
Posts: 717
Reputation: 12

I have... Kaspersky, NOD32, Norton, BitDefender, Spy Sweeper, and more. Whatever is causing it isn't showing up.

09-03-2008, 10:13 PM   #15
Derkel (Lol wut?)
Join Date: Jul 2008
Location: Somwhere Awesome Awesomeness: Over 9000
Posts: 846
Reputation: 117

Quote:
Originally Posted by ninpo
I have... Kaspersky, NOD32, Norton, BitDefender, Spy Sweeper, and more. Whatever is causing it isn't showing up.

Try my method ffs
__________________


(Play Music in Sig for Post Epicness)
"Everything is Illegal" -Ron Paul

09-03-2008, 10:13 PM   #16
dragonz2444 (Senior Member)
Join Date: Aug 2008
Posts: 425
Reputation: 19

try this

How to Fix Rundll32.exe?

09-03-2008, 10:15 PM   #17
ninpo (Senior Member)
Join Date: May 2008
Posts: 717
Reputation: 12

Quote:
Originally Posted by dragonz2444

Hmm, I'll try that in the morning, it's getting late.

09-04-2008, 12:50 AM   #18
ericdee (Senior Member)
Join Date: Dec 2007
Posts: 472
Reputation: 15

TuneUp Utilities 2008 has a very useful app that allows you to see what all is starting when your computer starts. That helps for stopping virus attacks.

Also, Spyware Doctor is the best spyware app I have ever used.

09-04-2008, 07:04 AM   #19
ninpo (Senior Member)
Join Date: May 2008
Posts: 717
Reputation: 12

Every time I disable it, it comes back as a different name and is on startup. Yes, I use TuneUp.

09-04-2008, 08:31 AM   #20
fscrp (Senior Member)
Join Date: Feb 2008
Location: A pollen-infested place
Posts: 238
Reputation: 9