also @ TechSpot: Windows 8 Release Preview leaked, Microsoft may raise OEM prices

TechSpot
Collaborate in the cloud with Office, Exchange, SharePoint, and Lync.
Microsoft Office 365. Pay-as-you-go starting at $8/user/month. Begin your free trial now.

Rundll.exe, cmd.exe not initialising + other probs :(

Discussion in 'Virus and Malware Removal' started by stazi, May 31, 2008.

Thread Status:
Not open for further replies.

  1. stazi Newcomer, in training

    Ok, I seem to have a string of problems.

    1) When I try to logon, I get a message saying userinit failed to initialise
    2) I have to manually start explorer.exe as a process
    3) It then says rundll.exe failed to initialise
    4) If I run cmd.exe, it also says it failed to initialise
    5) Autoupdate becomes disabled
    6) No control panel functions work

    ESET has recently quarantined quite a few files. These are:

    28/05/2008 8:51:25 PM Real-time file system protection file F:\Autorun.inf Win32/AutoRun.KP worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
    30/05/2008 1:12:20 PM Real-time file system protection file C:\DOCUME~1\STASM~1\LOCALS~1\Temp\NERO14768\Toolbar.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\DOCUME~1\STASM~1\LOCALS~1\Temp\Nero-8.3.2.1_eng_trial_2.exe.
    30/05/2008 2:40:21 PM Real-time file system protection file E:\Autorun.inf Win32/PSW.OnLineGames.NLE trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
    31/05/2008 12:29:58 AM Real-time file system protection file C:\DOCUME~1\STASM~1\LOCALS~1\Temp\removalfile.bat Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\mslatest_updt.exe. Note: this one repeats many times (every time i boot)
    31/05/2008 2:06:48 PM HTTP filter file HTTP 62.4.83.200/kb713501.exe?&uid=6A094B842E5511DDB3AB154928CFFFFF&rid=mm2&guid=64B4E773C8C24893A78CDD3EB17D310B&affid=154928"] HTTP 62.4.83.200/kb713501.exe?&uid=6...mp;affid=154928Win32/PrivacySet.B trojan connection terminated - quarantined STAS-NB\Stas M Threat was detected upon access to web by the application: C:\WINDOWS\explorer.exe. This seems to be that SmitFraud virus, but I can't run the smitfraudfix as my cmd.exe doesn't work :(

    Hijack this log attached
    stazi, May 31, 2008
    #1

  2. stazi Newcomer, in training

    spybot found:

    Adrevolver (3 entries)
    BurstMedia (2 entries)
    DoubleClick (2 entries)
    FastClick (4 entries)
    HitBox (5 entries)
    MediaPlex (3 entries)
    Right Meida (1 entries)
    Statcounter (29 entries)
    Tradedoubler (2 entries)
    Virtumonde (2 entries)
    Virtumonde.dll (3)
    Webtrends live (2)
    Win32.BHO.df (1)
    Zedo (5)
    stazi, May 31, 2008
    #2

  3. Bobbye Helper on the Fringe

    "mmm lots of delicious viruses found sad.gif"

    I see you have gone onto Malwarebytes on another forum. Are you going to do this yourself or wait for someone tor review your logs?

    Even without looking for malware, I see only the Nod32 AV program running- no firewall, no spyware/adware programs. How do you expect to keep clean with no security?
    Bobbye, May 31, 2008
    #3

  4. stazi Newcomer, in training

    I have used other forums to try and solve my problem, and whilst I removed the virus, some nasty effects remain (e.g. I can't see my network connections, or even enable the service; can't copy-paste).

    I had the windows firewall enabled before the virus came into effect, and the latest Nod32 also supports spyware protection.
    stazi, May 31, 2008
    #4

  5. Bobbye Helper on the Fringe

    You re free to use as many programs and forums as you want. But when asking for help and a specific process is suggested, it's not going to work if you do half here, half on other forums. It's your call. The way I happened on the other was in checking for some of your processes which weren't familiar. Strangely enough, the only hit that came up, continuously, for several of them, was in your post on the other forum.
    Bobbye, May 31, 2008
    #5
Thread Status:
Not open for further replies.