
Control Panel Issues

Discussion in 'Virus and Malware Removal' started by ldd, Aug 21, 2006.

  1. ldd Newcomer, in training Posts: 53

    Unfortunately I can't disable System Restore because "system" is one of the apps in the control panel that won't open. I'm not sure if it would make a difference either because in safe mode I still can't open the files in the 'etc' folder. I did however delete the hosts.msn file so I'm staying positive, lol. :)
  2. howard_hopkinso Newcomer, in training Posts: 25,949   +16

    Try this.

    Right click my computer and select properties, then the system restore tab. Tick the box that says turn off system restore. Click apply/ok.

    Regards Howard :)
  3. ldd Newcomer, in training Posts: 53

    "another program is currently using this file" :(

    It won't let me right click on properties, it just says that when I do.
  4. howard_hopkinso Newcomer, in training Posts: 25,949   +16

    Something's definitely not right here.

    I'm very tempted to advise you to backup your important data and reformat.

    However, before you do that, maybe you'd like to try a Windows repair as per this thread HERE.

    Regards Howard :)

    This thread is for the use of ldd only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  5. ldd Newcomer, in training Posts: 53

    It's annoying because the rest of windows functions without issue. If only the control panel was not so important :)

    Thank you for helping out, much appreciated. I guess I'll do that eventually, but I'll spend a few days smacking my head into a wall first in frustration while hoping that a solution suddenly appears. I will however start backing up files asap.

    Thanks again. :)
  6. ldd Newcomer, in training Posts: 53

    Just something extra which might or might not be anything since I still haven't reformatted. :)

    When I try to access my control panel apps the window that comes up telling me that the application is being used by another program simply says 'control panel' in the title bar (the blue bar on top, sorry, don't know the correct name). However, when I try to access my "Set Program and Access Defaults" the same message comes up but this time in the title bar it says rundll32.exe. Also, if I don't touch it, it disappears after a few seconds. I've read that that can sometimes be a virus but Norton 2006 finds nothing.

    Any suggestions? Thank you in advance.
     
  7. howard_hopkinso Newcomer, in training Posts: 25,949   +16

    If your antivirus doesn't find anything, try the online scanners HERE. If nothing is found, then it's gotta be a corrupt registry or something along those lines.


    Regards Howard :)
  8. Mictlantecuhtli TS Special Forces Posts: 4,916   +9

    You might be able to unlock the applications / files with Unlocker.
  9. Peddant Newcomer, in training Posts: 1,644

    I agree with Howard, it does look like something is missing or corrupt.

    Here are some more ideas on the spyware theme -

    rundll32 is a Windows file that loads various other files and modules when called.
    This includes most administration tasks.

    One of the modules it is normally called to load, is the control panel.

    If rundll32 is "used by another program", that usually means spyware.

    One thing to try -

    Go to Start/Search, then type: .cpl (note the dot).

    Files with .cpl extension are the individual applets in the control panel. Try clicking on each one.

    More HERE
  10. ldd Newcomer, in training Posts: 53

    I'm sorry I haven't responded sooner. I posted just before going out and I'm heading to bed now. Thank you for your prompt responses to this, I'll try to implement your suggestions tomorrow and I'll let you know.

    Thanx again! :)
  11. deryadok Newcomer, in training

    Hello all. This is my first post by the way :cool:

    please indulge me.

    I had the same problem, but I fixed it. Here's what I did:

    I downloaded the "normal" version of the rundll32.exe here and then I went in safe mode, I renamed my old C:\windows\system32\rundll32.exe to rundll32.bak (just in case it goes wrong) and I put the one I downloaded in the windows\system32 folder, and now the problem is solved.
  12. ldd Newcomer, in training Posts: 53

    G'day deryadok and welcome :) I'm new too.

    I'll try to do what you advised when I get home tonight if downloading the Unlocker Mictlantecuhtli suggested doesn't work. Did you also have problems accessing applications within the control panel and system settings?
  13. howard_hopkinso Newcomer, in training Posts: 25,949   +16

    Did you run Ewido? If not, you should run it as per these instructions HERE.

    Regards Howard :)
  14. ldd Newcomer, in training Posts: 53

    Ok, so here's the update...

    I tried opening the .cpl's as Peddant suggested. They are all apparently being used by another program.

    I also tried what deryadok suggested, however I cannot change the name of the rundll32.exe even in safe mode because, of course, it is being used by another program.

    Unlocker unfortunately has not worked either, thank you though Mictlantecuhtli.

    I don't know if anyone noticed but another member, westernwarrior, had the same issue but just fixed it because ewido found the problem. ewido obviously won't go to the same amount of effort for me :) At least I know what the source of the problem is.

    I'm now going to re-run all the online scanners howard_hopkinso suggested and hope they find it :)


    *edit: we apparently posted at the same time howard :) yes, I have tried ewido but will continue to do so :)
  15. ldd Newcomer, in training Posts: 53

    SUCCESS!!! Now, let me try to explain how I did it and perhaps someone can tell me if I've seriously messed up my system or not. :)

    It was basically a mix of everything that was suggested that did the trick.

    After running the online scans a few times I realised that they weren't helping because the file that needed examining was being skipped over (among others) because it was locked, so I felt that I had run out of options again. After having read other posts it seemed a certainty that the problem was the rundll32.exe file. Randomly, it appears, Unlocker finally decided to work despite not working before. In safe mode, I managed to change the .exe file to .bak as suggested by deryadok by using the renaming option on Unlocker and then added the downloaded rundll32 file from the website. Once I was back in normal mode I ran ewido again and THEN it picked up that there was a trojan.small.js in the rundll32.bak file and quarantined it. I can now access the apps I couldn't before :)

    I think that's how I did it. I'm quite nervous since by the time it worked I was trying anything and I'm hoping I didn't mess anything up. In the system32 folder there are now 3 similar files: RunDLL32, which has no .exe or anything affixed to it and appears to have no program to open it, based on its icon; rundll32.exe (the downloaded one), whose icon is just a blank piece of paper; and rundll32.exe.tmp, whose icon resembles the RunDLL32. Does that sound ok? I'm not sure...

    Anyway, I believe that's how it worked out. Thank you to all who helped me, it was a mix of all the suggestions that worked. howard_hopkinso, deryadok, Peddant, Mictlantecuhtli and westernwarrior your input was invaluable, thank you all very much.

    For those who may be interested, I've attached the results of the scans in txt format to see which files were blocked and also the ewido report that quarantined the trojan.

    Thank you again. :)
  16. howard_hopkinso Newcomer, in training Posts: 25,949   +16

    That's fantastic news.

    Thanks for letting us know.

    If you have any further virus/spyware problems, please post in this thread. Hopefully, we'll be able to sort it out quicker next time (if there is one) lol.

    Regards Howard :)

    P.s. If your system is running ok, then you haven't messed it up.

  17. ldd Newcomer, in training Posts: 53

    Hello everyone!

    I am, unfortunately for my computer, back...and this time I know I caused the problem through my own stupidity :)

    I opened a file tonight and immediately 7 pop ups appeared out of nowhere. I deleted the file straightaway and ran ewido which picked up two trojans that weren't there yesterday and quarantined them. However, now in my taskbar there's an invisible program (there's a space there but no actual icon) called mIRC32. It appears to be a chat program which I definitely don't want and can be accessed by right clicking on the invisible icon. I tried to exit it but when I do that it just re-opens those 7 pop ups and doesn't close. I tried to delete it with Add/Remove programs but it says I need to exit the program first for it to remove it. So I'm stuck there :)

    I looked it up and it does appear that it's a pretty dangerous virus/spyware to have on your computer. Also, Norton has started picking up random attacks on the computer since it's been there (about 2 hours now), someone trying to change my homepage, change Norton settings etc. I've denied all of that, but I'm guessing it's doing stuff that Norton can't pick up on too.

    Any advice? :)

    Here's the HJT :)
  18. tomrca Newcomer, in training Posts: 1,051

    If mIRC32 is an installed programme, first uninstall it, then run a search for any of its files, and then see if it has an unsubscribe link. Perhaps you got an e-mail to activate your account; there may be a link to undo it. Clear cookies too. To end the programme, first try right clicking on the icon and select exit. Or open your task manager and highlight the application and then select end task, or select the processes tab, and if you can recognise the process, highlight it then select end process/task.

    Then run Spike's instructions from here, I think you already know the rest.
  19. howard_hopkinso Newcomer, in training Posts: 25,949   +16

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://zzz.uv.ro/adver.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://zzz.uv.ro/adver.html

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

    F3 - REG:win.ini: run=c:\windows\system32\include\svchost.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    c:\windows\system32\include

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :)

  20. ldd Newcomer, in training Posts: 53

    You saved me again Howard :) All seems to be clear now, thank you very much!! Here's the fresh HJT.
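
Added example, not part of the thread and not code from any poster or from HijackThis: a small triage script that applies to the entries quoted in post 19 the same reasoning a helper uses when reading such a log. The expected directories, the trusted-domain allowlist and the two benign sample lines are assumptions made for illustration.

```python
import ntpath
import re
from urllib.parse import urlparse

# Constructed sample: the four entries quoted in post 19 plus two benign
# lines invented for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://zzz.uv.ro/adver.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://zzz.uv.ro/adver.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F3 - REG:win.ini: run=c:\windows\system32\include\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""
# Assumption: Windows is installed in C:\WINDOWS, where these binaries live.
EXPECTED_DIR = {"svchost.exe": r"c:\windows\system32",
                "rundll32.exe": r"c:\windows\system32"}
TRUSTED_SUFFIXES = ("microsoft.com", "msn.com")  # assumed allowlist
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
WIN_PATH = re.compile(r"[a-z]:\\[^\"=,]+?\.exe", re.I)

def review(line):
    """Return a list of reasons why one log entry deserves a closer look."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    code, body = m["code"], m["body"]
    findings = []
    # A system binary name in the wrong folder is a classic masquerade.
    for path in WIN_PATH.findall(body):
        folder, name = ntpath.split(path.lower())
        if name in EXPECTED_DIR and folder != EXPECTED_DIR[name]:
            findings.append(f"{name} outside {EXPECTED_DIR[name]}")
    if code in ("F2", "F3"):
        findings.append("ini-file autostart entry")
    if code in ("R0", "R1") and " = " in body:
        value = body.split(" = ", 1)[1].strip()
        host = urlparse(value).hostname
        trusted = host and any(host == s or host.endswith("." + s)
                               for s in TRUSTED_SUFFIXES)
        if host and not trusted:
            findings.append(f"IE page points to {host}")
        elif not host and value.startswith("\\") and not value.startswith("\\\\"):
            findings.append("local page has no drive or directory")
    return findings

def scan(log):
    """Map each flagged log line to its findings; clean lines are omitted."""
    return {ln.strip(): review(ln) for ln in log.splitlines() if review(ln)}
```

`scan(SAMPLE_LOG)` flags the four entries from post 19 and leaves the two benign lines alone; a flagged line is a prompt for manual review, not proof of infection.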