Windows XP rundll.exe Problems

Status
Not open for further replies.

TiTaNsFaN690

Solid State Member
Messages
15
Hi, after cleaning my computer the other day from a pretty vicious malware infestation, I noticed that my rundll.exe in system32 was infected in some way (as it kept trying to install BHO's in my registry).

Anyway, I deleted it in safe mode vainly assuming it would simply be reinstalled clean with a CHKDSK or at the next startup. Well the chkdsk worked fine, unfortunately rundll.exe is still missing.

This wouldnt be a big problem as I have my xp disc ready to go to copy a new one, unfortunately two other side effects have emerged from the virus hunting: namely that I cannot access the internet, and that my CD-ROM Drive cannot read discs at all.

My network adapter and settings are all fine, but I still cannot access the web. As for my CD-Rom drive, after unistalling and reinstalling the driver, it still will not read discs. My windows screen has reverted back to a grey lower toolbar and grey folder borders like that of windows 2000 for some reason. I have no access to the control panel because rundll.exe is missing.

When removing the malware I ran Smitthfraudfix, FixVundo, and ATF-Cleaner along with spybot. I still have an odd dll file which refuses to be deleted named urqNHWnk.dll in my system32 in my registry, and simply cannot delete it even in safe mode and with hijackthis's delete on boot feature.

If anyone has any suggestions as to how I can restore my rundll.exe file (cleanly) and remove this unaccounted for dll file I would greatly appreciate it. I will probably try using a USB stick next with a copy of another XP rundll.exe file and manually stick it in my system32 folder next. I cannot get my cd-rom drive to recognize cds or dvds at all, despite the device manager saying everything is fine. Thank you very much in advance!
 
Well the best way i can think of is what you're going to do...which is get another copy of the dll file and replcae it :)
 
First try a repair install. That will help replace some of the missing Windows files. See what that does for you first.

Then follow Osiris's guide to spyware removal in the Virus section 5 forums down. That will help clean your system out.
 
First try a repair install. That will help replace some of the missing Windows files. See what that does for you first.

Then follow Osiris's guide to spyware removal in the Virus section 5 forums down. That will help clean your system out.

Yeah the repair install unfortunately is going to be rather difficult without access to my cd-rom drive, it seems unable to read both CDs and DVDs (possibly as a result of an unrelated issue, though doubtful considering the timing.)

I have managed to copy over a rundll32.exe file into my system32 folder via a pen drive and now have access to the control panel.

My Internet explorer is completely unable to access the web, and I have lost the trademark Windows XP themes for some reason, leading me to believe that indeed some important windows files were deleted as a result of the Trojans.

Is there anyway to perhaps run a windows xp repair install from a pen drive or virtual drive?

I have also attached a copy of my current hijackthis log, stripped entirely of BHOs apparently, if someone could take a look at it I would be very grateful. I'll definitely be following Osiris's guide on top of that. Thanks in advance.

*update* yeah evidently the spyware is still not completly gone, as every time I do try to open internet explorer rundll32.exe attempts to install an dll file in the registry...
 

Attachments

  • hijacklog.txt
    10.7 KB · Views: 68
Status
Not open for further replies.
Back
Top Bottom