
View Full Version : Multiple Problems or another case of Virtumonde



rgATL
2008-04-08, 05:52
Hello, thank you for your help. Parts of this were originally posted in the Spybot-S&D forum under "Scanning D Drive;" but I think this forum may be more applicable now. Admin, please merge, delete, or move the old thread as needed by your policies.

Let me try to break down my issue:

History:
* I went to a song lyrics site (plyrics.com I think) and got some sort of malware. It was taking over my laptop (launching IE windows, installing software, etc).
* I was trying to run my Antivirus software (Symantec 10) as well as to download and run Spybot S&D. Within minutes, I wasn't able to do anything (CPU overwhelmed by malware), so I turned it off to back up the data from the D drive.
* (I run a laptop with 2 hard drives and save most of my data on the D drive (hereafter "data drive"), but either can boot WinXP if needed).
* I removed the infected drive and booted from the data drive, pulling off some of my data onto an external hard drive. Then I installed the infected drive as the slave and ran Symantec 10, Spybot 1.5.2, and Ad-Aware 2007 Free.
* Symantec found Trackware.Webhancer, and Ad-Aware found Virtumonde; both of which they said they removed.
* So, thinking that everything was now fixed, I put the infected hard drive back in as the system drive and booted from it. Windows XP was extremely slow to load, and when it did, I got 10-20 RUNDLL errors reading:

Error loading C:\DOCUMEN~1\"username"\LOCALS~1\Temp\dcfqpsfml.drv
The specified module could not be found.

This error also comes up if I try to open any application (Spybot install file, IE browser, etc.) or try to access the desktop properties -- this happens in BOTH normal boot AND safe mode -- but I can open things like text files and images.

Other Symptoms:
* Task manager has been turned off.
* When the computer idles, a "screensaver" of beetles eating the desktop comes on.
* Desktop wallpaper has changed to a blue background with a "warning" in the middle of the screen with something to the effect of, "your computer may be infected with spyware."
* Some (fake) anti-spyware shortcut has appeared on the desktop.

Diagnosis?

At this point I get that RUNDLL error when I try to run any program, so I'm not sure I can run Spybot or HijackThis directly from the infected drive. Are there other options (command line, D drive)?

Thank you for reading all of this and for your help. Any thoughts would be tremendously appreciated.

Thank you,
rg.