I can't reply in the actual thread, so I copied some of it so you can find it.
I downloaded the malware removal tool from the link 'http://www DOT besttechie DOT net/tools/mbam-setup.exe'. And trend micro luckily but maybe not soon enough put a clamp on it.

Anyways here's the facts:
post name: Default Virtu monde need help

Shaba
Security Expert

Shaba's Avatar

Join Date: Oct 2006
Location: Finland
Posts: 18,573

Unread 2008-10-16, 04:16




Hi edwardlad

Please download Malwarebytes Anti-Malware and save it to your desktop.

link: http://www.besttechie.net/tools/mbam-setup.exe this link has the
'joke_agent' trojan in it as of 10/18/2008.


alternate download link 1
alternate download link 2
I didn't try the other two links. once burned is more than enough for me.

Hello cbminfo,

Your information is incorrect. If Trend Micro flagged MBAM it is a false positive. ;)

Regards.

I've googled for it. rundll32.exe C:\Windows\system32\ssqRLBtU.dll,#1
I've searched the windows directories, all of C:\ , searched here for just ssqRLBtU. it's connected to
MSSERVER in the startups registry with this rundll32.exe C:\Windows\system32\ssqRLBtU.dll,#1, as the parameter.

And nowhere does it show up.
I have trend 2009, spybot, hjt, malwarebytes, etc..
spybot says this is deleted in the registry. But it isn't..

I would guess my machine 'seems' to be working just fine. But since Last struck by poison ivy, and a thief on the other end using my CC, I notice a lot more on the machine than in the past 12 years.
mouse jumps or dances in place when I'm not even touching it. And offline.
spikes of memory.
doing scans for recent file mods or creations, and coming up empty.
Just had teatimer identify something in the registry, I was too quick with the block. It disappeared, and the only entry in the startups is an empty entry. Or more specific a ' ' entry.
I'm just trying to take this one problem at a time. I'd rather not keep formatting and reformatting. It's just wasting my time. the thing needs to be found and removed, as it just reappears after a format.

There are a few other things that don't show up on a google. But I'm happy to remove them one by one.

Any help here on this ?

I can no longer run any spyware stuff to find anything. They all come up clean.
malwarebytes, trend micro, spybot, windows defender HJT. All claim The machine is clean.

Every program I run takes 100% resources, and 'system' in task manager run 80-99% while loading all these programs.

I had poison IVY, reformatted and gone [I suspect], Then along came virtumonde, and smitsomething. Neither of these are detected any more.

I find several oddities in task manager not the least being that [system] runs a lot higher.

Items in task manager
2 instances of explorer ?
poison ivy had 2 instances of firefox
I removed kbdstub from my startups, appearing in task manager. this disabled the extra keys on my HP keyboard.
reinstalled the keyboard from a HP keyboard fix.
During this it attempted to install Virtual C++ 2005 redistributable [found this with poison ivy awhile back.]
again removed this redistributable. suspect this is the tip of the iceberg again.

have scanned daily since getting rid of all items detected. But things still just don't feel right, but nothings being detected.
Trend had many popups [full alert] for SYSYTEM attempting to contact the web.

rundll32.exe now appearing in task manager. I can't say I recall this ever appearing before.

crss.exe 2 instances in task manager also.
scrolling fast thru task manager it stops for a nanosecond every 10 items..

Not real sure if this is norm, and repeating it now will most likely only do a complete repeat saying nothing. But when I reinstalled the HP keyboard today, afterwards after installing the C++ redistributable, HP's normal programs RE-installed every HP device, and a mass storage device, and a printer I don't own. Window of devices being installed was about 10 or more.
This was a 1st for me. I had this keyboard installer, because the keyboard was crap from day one. Long before any internet access.
And installing the keyboard fix, it NEVER re-installed every device on the machine.
Course I also can't extract and run the AIO exe. tried twice.

How do I fight something the spyware software can't see ?

Hello cbminfo,

This is the malware removal forum and the procedure is here:
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Best regards.