Control Panel Issues

[ldd]

Just something extra which might or might not be anything since I still haven't reformatted.

When I try to access my control panel apps the window that comes up telling me that the application is being used by another program simply says 'control panel' in the title bar (the blue bar on top, sorry, don't know the correct name). However, when I try to access my "Set Program and Access Defaults" the same message comes up but this time in the title bar it says rundll32.exe. Also, if I don't touch it, it disappears after a few seconds. I've read that that can sometimes be a virus but Norton 2006 finds nothing.

Any suggestions? Thank you in advance.

 

[howard_hopkinso]

If you antivirus doesn`t find anything try the online scanners HERE. If nothing is found, then it`s gotta be a corrupt registry or something along those lines.


Regards Howard

 

[Mictlantecuhtli]

You might be able to unlock the applications / files with Unlocker.

 

[Peddant]

I agree with Howard,it does look something is missing or corrupt.

Here are some more ideas on the spyware theme -

rundll32 is a Windows file that loads various other files and modules when called.
This includes most administration tasks.

One of the modules it is normally called to load, is the control panel.

If rundll32 is "used by another program" That usually means spyware.

One thing to try -

Go to Start/Search/then type :.cpl note the dot.

Files with .cpl extension are the individual applets in the control panel.Try clicking on each one.

More HERE

 

[ldd]

I'm sorry I haven't responded sooner. I posted just before going out and I'm heading to bed now. Thank you for your prompt responses to this, I'll try to implement your suggestions tomorrow and I'll let you know.

Thanx again!

 

[deryadok]

Hello all. This is my first post by the way

please indulge me.

I had the same problem, but i fixed it. Heres what i did:

i downloaded the "normal" version of the rundll32.exe here and then, i went in safe mode, i renamed my old C:\windows\system32\rundll32.exe to rundll32.bak (just in case it goes wrong) and i put the one i downloaded in the windows\system32 folder and now the problem is solved

 

[ldd]

G'day deryadok and welcome I'm new too.

I'll try to do what you advised when I get home tonight if downloading the unblocker Mictlantecuhtli suggested doesn't work. Did you also have problems accessing applications within the control panel and system settings?

 

[howard_hopkinso]

Did you run Ewido? If not, you should run it as per these instructions HERE.

Regards Howard

 

[ldd]

Ok, so here's the update...

I tried opening the .cpl's as Peddant suggested. They are all apparently being used by another program.

I also tried what deryadok suggested, however I cannot change the name of the rundll32.exe even in safe mode because, of course, it is being used by another program.

Unlocker unfortunately has not worked either, thank you though Mictlantecuhtli.

I don't know if anyone noticed but another member, westernwarrior, had the same issue but just fixed it because ewido found the problem. ewido obviously won't go to the same amount of effort for me At least I know what the source of the problem is.

I'm now going to re-run all the online scanners howard_hopkinso suggested and hope they find it


*edit: we apparently posted at the same time howard yes, I have tried ewido but will continue to do so

 

[ldd]

SUCCESS!!! Now, let me try to explain how I did it and perhaps someone can tell me if I've seriously messed up my system or not.

It was basically a mix of everything that was suggested that did the trick.

After running the online scans a few times I realised that they weren't helping because the file that needed examining was being skipped over (among others) because it was locked so I felt that I had run out of options again. After having read other posts it seemed a certainty that the problem was the rundll32.exe file. Randomly it appears, Unlocker finally decided worked despite not working before. In safe mode, I managed to change the .exe file to .bak as suggested by deryadok by using the renaming option on Unlocker and then added the downloaded rundll.32 file from the website. Once I was back in normal mode I ran ewido again and THEN it picked up that there was a trojan.small.js in the rundll32.bak file and quarantined it. I can now access the apps I couldn't before

I think that's how I did it. I'm quite nervous since by the time it worked I was trying anything and I'm hoping I didn't mess anything up. In the system32 folder there are now 3 similar files. RunDLL32 which has no .exe or anything affixed to it and appears to have no program to open it, based on it's icon. rundll32.exe (the downloaded one) whose icon is just a blank piece of paper and rundll32.exe.tmp whose icon resembles the RunDLL32. Does that sound ok? I'm not sure...

Anyway, I believe that's how it worked out. Thank you to all who helped me, it was a mix of all the suggestions that worked. howard_hopkinso, deryadok, Peddant, Mictlantecuhtli and westernwarrior your input was invaluable, thank you all very much.

For those who may be interested, I've attached the results of the scans in txt format to see which files were blocked and also the ewido report that quarantined the trojan.

Thank you again.

 

[howard_hopkinso]

That`s fantastic news.

Thanks for letting us know.

If you have any further virus/spyware problems, please post in this thread. Hopefully, we`ll be able to sort it out quicker next time(if there is one) lol.

Regards Howard

P.s. If your system is running ok, then you haven`t messed it up.

This thread is for the use of ldd only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[ldd]

Hello everyone!

I am, unfortunately for my computer, back...and this time I know I caused the problem through my own stupidity

I opened a file tonite and immeadiately 7 pop ups appeared out of nowhere. I deleted the file straightaway and ran ewido which picked up two trojans that weren't there yesterday and quarantined them. However, now in my taskbar there's an invisible program (there's a space there but no actual icon) called mIRC32. It appears to be a chat program which I definetely don't want and can be accessed by right clicking on the invisible icon. I tried to exit it but when I do that it just re-opens those 7 pop ups and doesn't close. I tried to delete it with Add/Remove programs but it says I need to exit the program first for it to remove it. So I'm stuck there

I looked it up and does appear that it's a pretty dangerous virus/spyware to have on your computer. Also, Norton has starting picking up random attacks on the computer since it's been there (about 2 hours now), someone trying change my homepage, change norton settings etc. I've denied all of that, but I'm guessing it's doing stuff that norton can't pick up on too.

Any advice?

Here's the HJT

 

[tomrca]

if mIRC32 is an installed programme first uninstall it then run a search for any of its files. and then see if it has an un-subcribe link. perhaps you got an e-mail to activate your account, there maybe a lilnk to undo it. clear cookies too. to end the programme, first try right cliking on the icon and select exit. or open your task manager and highlite the application and then select end task, or select processes tab, and if you can recognise the process, highlite it then selct end process/task

then run spikes instructions from here, i think you alrready know the rest

 

[howard_hopkinso]

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://zzz.uv.ro/adver.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://zzz.uv.ro/adver.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

F3 - REG:win.ini: run=c:\windows\system32\include\svchost.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

c:\windows\system32\include

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

Regards Howard

This thread is for the use of ldd only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[ldd]

You saved me again Howard All seems to be clear now, thank you very much!! Here's the fresh HJT.

 

[howard_hopkinso]

Your HJT log is clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of ldd only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[ldd]

HJT Log

Hi everyone!

Just wanted to post a HJT log and do a general check up on things, my internet connection has been going a little slower lately and I think there are things going on that I can't explain, like settings resetting themselves automatically to their default. However, I could be imagining it as it only happens in programs I don't use very often

Anyway, if anyone could just have a look at my log and let me know if anything needs fixing I'd appreciate it

Also, could someone advise me on whether I should be adding any kind of anti-virus or firewall to my system or not? I run Norton Internet Security 2006 (I know it's not popular round here, but I bought it before I started reading posts on this site ) as well as Ewido AntiSpyare and NoAdware.

Thanks in advance!!

 

[howard_hopkinso]

Have HJT fix this entry.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

Other than that, your HJT log is clean.

Download the free AVG or Avast antivirus programmes and either the free Zonealarm or Kerio firewall programmes. You can get them HERE, HERE, HERE and HERE.

Disconnect from the net and uninstall Norton. if you have problems with the uninstall, see this thread HERE.

Once Norton is completely uninstalled, install whichever firewall you chose, followed by whichever antivirus programme you chose. Reboot your system the required number of times. Reconnect to the net and run the antivirus updates.

You should see an improvement in your systems speed.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of ldd only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[ldd]

Thanks for that Howard

I was wondering if Norton is actually bad for my system? I'm loathe to uninstall it now since I paid alot of money for it, and was wondering if it would do my system harm to simply wait til it expires before getting rid of it?

Also, while I have no idea how to read an hjt log, I do run it occasionally and try to decipher it just to learn on my own, and one thing that I have noticed is that the entry that you're asking me to fix:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

is pretty much always there I think. I remember you suggesting I delete it when I had problems before and I did, and now it's back. I'm pretty sure I've seen it before too. Is that a bad sign?

 

[howard_hopkinso]

In my opinion Norton is bad for your system is several ways.

It`s the biggest resource hogger around see HERE for proof. It`s not very good at killing/stopping viruses and it`s been known to cause system instability on some systems.

Of course, if you wish to wait untill your subscription runs out, then that`s fine. I suppose it depends on whether you want to put up with a sluggish system until then.

As for this entry in your HJT log.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

Fix the above entry then delete this bold file if found. C:\WINDOWS\System32\blank.htm

It could possibly be nasty, but not necessarily so. See if it comes back after doing the above.

To be perfectly honest, you`d be better off using Firefox rather than IE. It`s a lot more secure. Just use IE for Windows updates and the odd site that doesn`t work with Firefox.

Regards Howard

This thread is for the use of ldd only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[ldd]

It doesn't seem to be reappearing. Thanks.

I do primarily use Firefox, which I prefer to IE anyway. I'll let you know if it re-appears

Thanks mate.

 

[ldd]

protection overkill?

Hi guys!

I just wanted to run something by you. I recently rid myself of Norton Internet Security 2006 and my mate installed Kaspersky Internet Security 6.0 and Zone Alarm Pro for me. I already had Ad-Aware SE Professional installed from before so that's still there too. My question is whether this is overkill? Are these programs making each other redundant or possibly interferring with each other? Is this a good mix, or should I add/remove some programs?

Also attached is my hjt, just a general check up

Thanks in advance.

 

[tomrca]

it is best to choose only one. running two firewalls will definately cause problems and most likely two av's.

keeping ad-aware 6 is not a problem, although running it at the same time as another programme may conflict.

your hjt looks good, although there still some symantec/norton files that could be removed.
using search , look for 'symantec and norton'. and remove them. don't do anything with your hjt log, untill howard has looked at it.

 

[ldd]

Thanx for the advice guys, much appreciated!

Is it therefore advisable to lose Zone Alarm Pro?

 

[howard_hopkinso]

Your HJT log is clean. However, you still have some Symantec entries running, so let`s get rid of them.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html


Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Symantec Core LC
Automatic LiveUpdate Scheduler

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

ccApp.exe
ALUSchedulerSvc.exe
symlcsvc.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Program Files\Symantec
C:\Program Files\Common Files\Symantec Shared


Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Keep Zonealarm, otherwise, you won`t have a firewall running.


Regards Howard

This thread is for the use of ldd only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.