TechSpot

Rundll.exe, cmd.exe not initialising + other probs :(

By stazi
May 31, 2008
  1. Ok, I seem to have a string of problems.

    1) When I try to logon, I get a message saying userinit failed to initialise
    2) I have to manually start explorer.exe as a process
    3) It then says rundll.exe failed to initialise
    4) If I run cmd.exe, it also says it failed to initialise
    5) Autoupdate becomes disabled
    6) No control panel functions work

    ESET has recently quarantined quite a few files. These are:

    28/05/2008 8:51:25 PM Real-time file system protection file F:\Autorun.inf Win32/AutoRun.KP worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
    30/05/2008 1:12:20 PM Real-time file system protection file C:\DOCUME~1\STASM~1\LOCALS~1\Temp\NERO14768\Toolbar.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\DOCUME~1\STASM~1\LOCALS~1\Temp\Nero-8.3.2.1_eng_trial_2.exe.
    30/05/2008 2:40:21 PM Real-time file system protection file E:\Autorun.inf Win32/PSW.OnLineGames.NLE trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
    31/05/2008 12:29:58 AM Real-time file system protection file C:\DOCUME~1\STASM~1\LOCALS~1\Temp\removalfile.bat Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\mslatest_updt.exe. Note: this one repeats many times (every time i boot)
    31/05/2008 2:06:48 PM HTTP filter file HTTP 62.4.83.200/kb713501.exe?&uid=6A094B842E5511DDB3AB154928CFFFFF&rid=mm2&guid=64B4E773C8C24893A78CDD3EB17D310B&affid=154928"] HTTP 62.4.83.200/kb713501.exe?&uid=6...mp;affid=154928Win32/PrivacySet.B trojan connection terminated - quarantined STAS-NB\Stas M Threat was detected upon access to web by the application: C:\WINDOWS\explorer.exe. This seems to be that SmitFraud virus, but I can't run the smitfraudfix as my cmd.exe doesn't work :(

    Hijack this log attached
     
  2. stazi

    stazi TS Rookie Topic Starter

    spybot found:

    Adrevolver (3 entries)
    BurstMedia (2 entries)
    DoubleClick (2 entries)
    FastClick (4 entries)
    HitBox (5 entries)
    MediaPlex (3 entries)
    Right Meida (1 entries)
    Statcounter (29 entries)
    Tradedoubler (2 entries)
    Virtumonde (2 entries)
    Virtumonde.dll (3)
    Webtrends live (2)
    Win32.BHO.df (1)
    Zedo (5)
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    "mmm lots of delicious viruses found sad.gif"

    I see you have gone onto Malwarebytes on another forum. Are you going to do this yourself or wait for someone tor review your logs?

    Even without looking for malware, I see only the Nod32 AV program running- no firewall, no spyware/adware programs. How do you expect to keep clean with no security?
     
  4. stazi

    stazi TS Rookie Topic Starter

    I have used other forums to try and solve my problem, and whilst I removed the virus, some nasty effects remain (e.g. I can't see my network connections, or even enable the service; can't copy-paste).

    I had the windows firewall enabled before the virus came into effect, and the latest Nod32 also supports spyware protection.
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You re free to use as many programs and forums as you want. But when asking for help and a specific process is suggested, it's not going to work if you do half here, half on other forums. It's your call. The way I happened on the other was in checking for some of your processes which weren't familiar. Strangely enough, the only hit that came up, continuously, for several of them, was in your post on the other forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...