Task Manager and regedit not working

[Bobbye]

Yes, he must have had a previous Haxdoor infection, clean it, then used an infected System restore point and reinfected the system!

 

[Blind Dragon]

possibly - it could also be a legit file

I also would like you to navigate to the file C:\WINDOWS\system32\cssdll32.dll -> right click it -> select properties and see who the company is - let us know who the company that signed it is if any

 

[Thatone]

OTMoveIt2 log attached

 

[Thatone]

Attached Haxfix log

 

[Thatone]

C:\WINDOWS\system32\cssdll32.dll - not found on system

 

[xxdanielxx]

cssdll32.dll is Win32.X trojan

 

[Thatone]

Have done a new hijack log aswell

 

[Bobbye]

Please see:

Purpose of this file:
Cssdll32.dll is a file that was most likely installed by you, it would not have come as preinstalled software on your computer. You can view the actual file location below, always do this as spyware and adware tend to use like names, hoping to fool you into thinking its a needed module. This module is part of the Comodo security update. I've seen many sites report cssdll32.dll as a virus, but I think that is incorrect and is part of the security software from Comodo, just verify the location as shown below. This program is considered safe and is ok to leave on your computer.

What is the cssdll32.dll location, where is it stored on my computer?
You may see this installed with multiple programs in your startup shown as: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

http://www.what-is-exe.com/filenames/cssdll32-dll.html

 

[xxdanielxx]

But does he have comodo if not then it can be related to malware I have not look at his log just because this is not my battle.

 

[xxdanielxx]

also if you go to the link below it is a report of this file look threw only one found it to be a threat so it can be a legit file

http://virscan.org/report/779d5de86e64f588667e8c12c03efbc1.html

prevx found it to be a trojan

 

[kimsland]

OTMoveIt2 log attached

c:\windows\system32\cssdll32.dll moved successfully

I believe it is now gone

Edit:

Hold that thought!

The latest HJT log shows C:\WINDOWS\system32\cssdll32.dll

 

[Bobbye]

Daniel, see my post #23. It will show you how this process played out. I "assumed" that because he did a System Restore, that he had reinfected the system> However, since the Haxdor program is clean and since Comodo is now on the system, it appears it my be from Comodo,

C:\WINDOWS\system32\cssdll32.dll

Is that exactly how it is written, because that is new.

The FULL HijackLog entry is:

O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

 

[xxdanielxx]

the thing is the very first log show comodo installed and does not have that so to me it looks like it is bad but I would say do what BD said check the properties for the company that made the file

 

[Thatone]

yes i have comodo installed

when searching for that file it is not there.

i have connected pc to the internet now only site come to is this one)

run a virus scan (avg8)there is win32/tanatos.m virus popping up on my c and d drive. 270 events
also alot of tracking cookies

 

[xxdanielxx]

please download the program below and attach the main and extra

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please attach both in your next reply

 

[Thatone]

that link does not go anywhere

 

[Thatone]

have got a copy and have attached the txt files

 

[kimsland]

please download the program below and attach the main and extra

Please download http://www.techsupportforum.com/sectools/Deckard/dss.exe

xxdanielxx Please read [URL="http://www.techsupportforum.com/security-center/hijackthis-log-help/280436-important-regarding-deckard-s-system-scanner-dss-exe.html"]here

 

[xxdanielxx]

yes but he does not have a rootkit and if so since we already ran dss please remove it.

Thanks Kim

 

[xxdanielxx]

I didn't see anything bad I think avg is seeing HaxFix.exe as something bad but just to make sure diasable avg and run this online scan post the repot here make sure to select my computer if you run the kaspersky scan

Please run an on-line virus scan at http://www.kaspersky.com/virusscannerKaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

 

[Thatone]

ran bit defender, could not access other two

c:\program files\online services\btyahoo\hppre05.msi=>[embeded... detected with
c:\program files\online services\btyahoo\hppre05.msi=>[embeded... disenfectection failed
c:\program files\online services\btyahoo\hppre05.msi=>[embeded... deleted
c:\program files\online services\btyahoo\hppre05.msi=>[embeded... update failed


thats all i could see the log file just came up blank

 

[xxdanielxx]

Update your AV and run a full scan post the result here also the location of the threats

 

[Thatone]

avg reported nothing all clear

 

[xxdanielxx]

Ok let start the cleaning process it can be something in the system restore that is being detected. What version of AVG do you have

OTCleanit! by Oldtimer

• Download OTCleanIt
• Click the CleanUp! button.
  (It will go thorugh the list & remove all of the tools it finds and then delete itself) Requiring a reboot

======================================

Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

================================

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

1. Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
   
2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
   
3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
   
4. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
   
5. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
   
6. ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
   
7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
   
8. Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
   
9. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

xxdanielxx

Once all this is done try running that online scan again to see if anything comes up

 

[egydarceyes]

Hello guys,

I have read this thread and the problem the thread maker has is pretty similar to the problem I'm facing, hence why I wanted to post in here.


I own an HP DV6626us that came with Vista Home Premium installed, I've had some issues, some ups and downs. About a week ago, I decided that it's time for me to downgrade, one of my friends told me that it's quite easy and it's less headache.

I have downgraded to XP professional SP2, I had to do some tweaks to install it and get it past Vista SATA driver.

Now I'm just realizing that none of my essentials things are working.
Command prompt, msconfig, regedit... all aren't working.

It's been really bugging me lately and I need to find a solution which is how I got led to this forum. I do not have any Anti Virus, so I installed AVG this morning and I got a couple of screenshots I'll be including for you guys to see if it's similar to what the thread creator has.

I have been keeping up with the Windows Update.. and actually it's asking me to upgrade to SP3 which is what I'm in the process of doing right now.

Here are the couple of shots that I have taken after running a complete computer scan.

This last pic popped up right after I had to restart when the scan was over.