1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Red Cross in Win Explorer C: drive

By Panocam ยท 6 replies
Feb 16, 2008
  1. Symptoms: red cross icon in windows explorer next to c: drive. Also, Rundll dialog box pops up on starting windows, saying specified module fddrcrny.dll file could not be found - looks like spam, I have completed all the steps in techspot.com vb topic58138 and have attached the HJT logfile, combofix log files. AVG Spyware freeversion did not allow saving report but it did find malware - which was quarantined and deleted. Panda Antiroot did not find any root problems. Many thanks for taking a look at this,

    Attached Files:

  2. raybay

    raybay TS Evangelist Posts: 7,241   +10

    You have software in conflict with each other. I see you have both Symantec and AVG... use one or the other.
    I see Symantec,
    Rootkit (Panda)
    AVG antispyware
    AVG antivirus
    Zone Alarm

    I would use AVG only... or if necessary, Symantec only... and rethink everything else having to do with security.

    But I would run a drive fitness test on your hard drive... and perhaps MemTest86, just so you have ruled out hardware problems.
    You should go to Event Viewer (Start->Control Panel->Administrative Tools->Computer Management to see what red and yellow flags you have there and see how their timings related to the times other things go wrong.
  3. rf6647

    rf6647 TS Maniac Posts: 829

    The "red cross" seems to be a symptom for a virus attack. I did not look for any legit use of this symbol by Win XP to denote a trouble condition.

    Here is a sample from the HJT - unusual spelling
    O2 - BHO: (no name) - {F33A8BAB-2593-4DDB-A49A-2110E00DE54A} - C:\WINDOWS\system32\urqqq.dll (file missing)

    I am guessing that Vundo attacks are on the rise. What happened when the tools (step 10) were run?

    You are running with ZoneAlarm. If you have a router & a home network, take that network & classify it as 'internet' (Firewall ! Zones). Keep computers from cross-infections.

    To completely remove all traces of Symantec/Norton, you need a version of their Norton_Removal_Tool.exe.

    Owing to Raybay's experience, looking at the event logs should be done, as well. Problems with the hardware, OS, and applications can be mistakenly labeled as a 'virus' attack.
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Definitely an infection, somebody who is experienced with Combofix will need to solve this one. I see some definite infections, but cannot offer the solution as I am not 100% experienced with combofix yet.
  5. Panocam

    Panocam TS Rookie Topic Starter

    Thanks, still working on it

    Thanks Raybay, I had trouble removing Norton but thanks to rf6647 advice, the Norton Removal tool did the trick, phew! more to come in next post...
  6. Panocam

    Panocam TS Rookie Topic Starter

    Zone alarm adjusted..

    Thanks rf6647, have made the adjustments in Zonealarm, will post screen shot of the Event log showing the problem on starting windows, in next post.....
  7. Panocam

    Panocam TS Rookie Topic Starter

    event log

    I have attached a screenshot of the event log showing the error that occurs after immediately after windows start up, and a screenshot of the dialog box showing the rundll error, many thanks for your assistance with this
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...