Symptoms: red cross icon in windows explorer next to c: drive. Also, Rundll dialog box pops up on starting windows, saying specified module fddrcrny.dll file could not be found - looks like spam, I have completed all the steps in techspot.com vb topic58138 and have attached the HJT logfile, combofix log files. AVG Spyware freeversion did not allow saving report but it did find malware - which was quarantined and deleted. Panda Antiroot did not find any root problems. Many thanks for taking a look at this,
Red Cross in Win Explorer C: drive
- Thread starter Panocam
- Start date
- Status
You have software in conflict with each other. I see you have both Symantec and AVG... use one or the other.
I see Symantec,
Adaware
Spybot
Shockproof
Rootkit (Panda)
AVG antispyware
AVG antivirus
Zone Alarm
I would use AVG only... or if necessary, Symantec only... and rethink everything else having to do with security.
But I would run a drive fitness test on your hard drive... and perhaps MemTest86, just so you have ruled out hardware problems.
You should go to Event Viewer (Start->Control Panel->Administrative Tools->Computer Management to see what red and yellow flags you have there and see how their timings related to the times other things go wrong.
I see Symantec,
Adaware
Spybot
Shockproof
Rootkit (Panda)
AVG antispyware
AVG antivirus
Zone Alarm
I would use AVG only... or if necessary, Symantec only... and rethink everything else having to do with security.
But I would run a drive fitness test on your hard drive... and perhaps MemTest86, just so you have ruled out hardware problems.
You should go to Event Viewer (Start->Control Panel->Administrative Tools->Computer Management to see what red and yellow flags you have there and see how their timings related to the times other things go wrong.
The "red cross" seems to be a symptom for a virus attack. I did not look for any legit use of this symbol by Win XP to denote a trouble condition.
Here is a sample from the HJT - unusual spelling
O2 - BHO: (no name) - {F33A8BAB-2593-4DDB-A49A-2110E00DE54A} - C:\WINDOWS\system32\urqqq.dll (file missing)
I am guessing that Vundo attacks are on the rise. What happened when the tools (step 10) were run?
You are running with ZoneAlarm. If you have a router & a home network, take that network & classify it as 'internet' (Firewall ! Zones). Keep computers from cross-infections.
To completely remove all traces of Symantec/Norton, you need a version of their Norton_Removal_Tool.exe.
Owing to Raybay's experience, looking at the event logs should be done, as well. Problems with the hardware, OS, and applications can be mistakenly labeled as a 'virus' attack.
Here is a sample from the HJT - unusual spelling
O2 - BHO: (no name) - {F33A8BAB-2593-4DDB-A49A-2110E00DE54A} - C:\WINDOWS\system32\urqqq.dll (file missing)
I am guessing that Vundo attacks are on the rise. What happened when the tools (step 10) were run?
You are running with ZoneAlarm. If you have a router & a home network, take that network & classify it as 'internet' (Firewall ! Zones). Keep computers from cross-infections.
To completely remove all traces of Symantec/Norton, you need a version of their Norton_Removal_Tool.exe.
Owing to Raybay's experience, looking at the event logs should be done, as well. Problems with the hardware, OS, and applications can be mistakenly labeled as a 'virus' attack.
Blind Dragon
Posts: 3,774 +4
Definitely an infection, somebody who is experienced with Combofix will need to solve this one. I see some definite infections, but cannot offer the solution as I am not 100% experienced with combofix yet.
- Status
Latest posts
-
All Cybertrucks recalled because acceleration pedals can become stuck- Daniel Sims replied
-
Astronomers gather additional evidence suggesting Planet Nine is real- Plutoisaplanet replied
-
These credit cards feature OLEDs that light up upon payment- Uncle Al replied
-
Amazon denies reports it started a business just to spy on rivals- nitebird replied
-
PlayStation 5 Pro will be bigger, faster, and better using the same CPU
- anastrophe replied
