View Full Version : Runn DLL
When I did a scan with Spybot 1.6, it displayed a Win32.Downloader.gen folder that I could not eliminate even as administrator. When searching here on the forum I saw that I had to download Spybot 2.2 to solve the problem. I installed this program and it sent the files to the quarantine folder, where they remain. When I restarted the PC, this message appeared.
12017
I appreciate a help to solve the problem. Thanks.
-------------------------------------------------------
Edit
Forum FAQ for future reference. :) http://forums.spybot.info/showthread.php?t=288
Farbar Recovery Scan Tool (FRST) Scan
Please download Farbar Recovery Scan Tool (x32) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/) or Farbar Recovery Scan Tool (x64) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
Hello Juliet. Best Regards.
My Norton 360 antivirus does not let me install Farbar Recovery Scan Tool. It deletes the file.
The translation of .jpg
There was a problem starting the
C \ Users \ BUSH \ AppData \ Local \ Conduit \ BackgroundContainer \ BackgrounContainer.dll
Could not find the specified module.
I turned off Norton for a while and did the scan. Here is the result. 12018 12019
I see you have peer-to-peer (P2P) file sharing software installed on your computer (Bit Torrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms (http://en.wikipedia.org/wiki/Computer_worm), backdoor Trojans (http://www.symantec.com/security_response/writeup.jsp?docid=2001-062614-1754-99), IRCBots (http://en.wikipedia.org/wiki/IRC_bot), and rootkits (http://en.wikipedia.org/wiki/Rootkit) propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.
Risks of File-Sharing Technology (http://www.us-cert.gov/cas/tips/ST05-007.html)
P2P Software User Advisories (http://aresgalaxy.sourceforge.net/p2prisks.htm)
More malware is traveling on P2P networks these days (http://www.computerworld.com/s/article/9240067/More_malware_is_traveling_on_P2P_networks_these_days)
Your P2P software can be removed by following the instructions below.
Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
Search for the aforementioned programme(s), right-click and click Uninstall.
If you choose not to, please refrain from using the programme(s) during this process.
**
Please go to add/remove programs and uninstall
BitTorrent
Pandora Service
~~~~
You may have to disable your antivirus protection to run these tools.
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
start
CloseProcesses:
SearchScopes: HKU\S-1-5-21-254876875-3501504866-2801950793-1001 -> BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-254876875-3501504866-2801950793-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
FF SelectedSearchEngine: Conduit Search
FF Plugin HKU\S-1-5-21-254876875-3501504866-2801950793-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\BUCHA\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR HKLM\...\Chrome\Extension: - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CustomCLSID: HKU\S-1-5-21-254876875-3501504866-2801950793-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\BUCHA\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-254876875-3501504866-2801950793-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\BUCHA\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-254876875-3501504866-2801950793-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\BUCHA\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-254876875-3501504866-2801950793-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\BUCHA\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {D72E0337-43D7-4EC0-ADB4-80201258D3D6} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\BUCHA\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:D1B5B4F1
EmptyTemp:
Hosts:
End
Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
~~~
Please post
Fixlog.txt
AdwCleaner.txt
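An added example (not part of the original thread and not FRST's own code): a small Python check that reads FRST-style Task: lines like the one in the fixlist above and flags scheduled tasks that use rundll32 to load a DLL from a per-user folder. A task of that kind is what keeps producing the RunDLL "module not found" pop-up at startup once the DLL itself has been quarantined. The regular expressions assume other Task: lines follow the shape of the one quoted in this thread; the second, third and fourth sample lines are constructed.

```python
import re
from typing import List, NamedTuple, Optional

# Shape of a FRST "Task:" line, taken from the line quoted in this thread:
#   Task: {GUID} - <task path> => <command line> [<==== ATTENTION]
TASK_RE = re.compile(
    r'^Task:\s*(?P<guid>\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<name>.+?)\s*=>\s*'
    r'(?P<cmd>.+?)(?:\s*<====\s*ATTENTION)?\s*$'
)
# rundll32 command line: optional quotes around the DLL path, then ",Export".
RUNDLL_RE = re.compile(
    r'(?i)\brundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<export>\w+)'
)
# Per-user, user-writable folders (assumption: a DLL launched from here by a
# scheduled task deserves a closer look).
USER_WRITABLE_RE = re.compile(r'(?i)\\(AppData|Temp|Downloads)\\')


class Finding(NamedTuple):
    guid: str
    task: str
    dll: str
    export: str


def analyse_task_line(line: str) -> Optional[Finding]:
    """Return a Finding if the line is a Task: entry that runs rundll32
    against a DLL stored in a user-writable folder, else None."""
    task = TASK_RE.match(line.strip())
    if not task:
        return None
    run = RUNDLL_RE.search(task['cmd'])
    if not run or not USER_WRITABLE_RE.search(run['dll']):
        return None
    return Finding(task['guid'], task['name'], run['dll'], run['export'])


def scan_frst_lines(text: str) -> List[Finding]:
    """Scan every line of a pasted FRST log and collect the findings."""
    return [f for f in map(analyse_task_line, text.splitlines()) if f]


# First line is copied from the fixlist in this thread; the rest are
# constructed sample lines for the negative cases.
SAMPLE_LOG = r'''
Task: {D72E0337-43D7-4EC0-ADB4-80201258D3D6} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\BUCHA\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe
Task: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - System32\Tasks\ExampleShellTask => Rundll32.exe C:\Windows\System32\example.dll,Entry
FF SelectedSearchEngine: Example Search
'''

if __name__ == "__main__":
    for f in scan_frst_lines(SAMPLE_LOG):
        print(f"{f.task} {f.guid}: rundll32 -> {f.dll} (export {f.export})")
```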
I think I have done everything right. The PC restarted and that Run Dll window no longer appears. Attached are the results you requested.
12020 and 12021
Good. Let's continue.
Please run a Threat Scan with Malwarebytes' Anti-Malware.
Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
********************************************
After you run Malwarebytes Anti-Malware and allow it to quarantine what it finds, post that log and please tell me what your computer is doing now.
I have already done the scan with Malwarebytes and am sending the result. Thank you.
12022
ESET Online Scan Including External Drive
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Ensure Remove found threats is unchecked.
Click Change... next to Current scan targets: Operating memory, Local drives
Place a checkmark next to any additional drives you wish to scan and click OK
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png. If no threats were found, skip the next two bullet points.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.
How is your computer now?
I've done the scan with Malwarebytes and am sending the result.
Sorry, but I had forgotten to translate the message. I restarted the computer and it is functioning normally.
It worked out well, and I am glad it is normal now.
let's continue
**
This is the result of the scan 12023 ESET Online Scan
Did it allow you the option?
Ensure Remove found threats is unchecked.
OK, how is your computer now?
I did a new scan because I had not understood your message well. This is the result of the new scan
12026
I made a new scan because I had not understood your message. This is the result of the new scan
Sorry forgot translation
You did fine Gorby
One or more of the identified infections is a result of downloading cracked/pirated/keygen software. Participating in the use of such software is a security risk; your infected computer is evidence of this. Were you aware your machine has cracked software installed? We do not approve of nor support illegal software.
Malware authors promote and release cracked software to spread their infections. I strongly recommend you refrain from participating in this activity; your computer will be reinfected otherwise. Simply visiting a cracked software site can result in infection from exploitation of vulnerabilities in your installed software.
Continuing in this practice will ensure your computer is continuously susceptible to malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to reformat your Hard Drive and reinstall your Operating System. Please refer to the following articles for more information.
The Hidden Risks of Using Pirated Software (http://blogs.msdn.com/b/govtech/archive/2013/03/25/the-hidden-risks-of-using-pirated-software.aspx)
IDC White paper: The Dangerous World of Counterfeit and Pirated Software (http://www.microsoft.com/en-us/news/download/presskits/antipiracy/docs/idc030513.pdf)
Software Piracy on the Internet: A Threat To Your Security (http://global.bsa.org/internetreport2009/2009internetpiracyreport.pdf)
File Sharing, Piracy, and Malware (http://acms.ucsd.edu/students/resnet/malware_filesharing.html)
Pirated software carries malware payload that can cost billions (http://www.infosecurity-magazine.com/view/31449/pirated-software-carries-malware-payload-that-can-cost-billions/)
I am prepared to continue providing assistance as long as you agree to remove all traces of cracked software immediately.
~~~~~~~~~~~~~~~~
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
start
CloseProcesses:
C:\extensions\{29acf17c-1713-4286-8f40-bfd05f1e70c8}\chrome\bittorrentbar_pt.jar
C:\Users\BUCHA\Documents\Programas\Windows_8.1_Pro_X64_Activated.iso
C:\Users\BUCHA\Downloads\Malwarebytes.rar
D:\Documents and Settings\Bucha\Ambiente de trabalho\ccsetup318.exe
D:\Documents and Settings\Bucha\Os meus documentos\As minhas imagens\arvore_natal.rar
D:\Documents and Settings\Bucha\Os meus documentos\Doc. Bucha\O meu disco (G)\Os meus ficheiros recebidos\Win.Genuine.Advantage.Validation.v1.7.18.5.zip
D:\Documents and Settings\Bucha\Os meus documentos\Doc. Bucha\Os meus ficheiros recebidos\Win.Genuine.Advantage.Validation.v1.7.18.5.zip
D:\Documents and Settings\Bucha\Os meus documentos\Programas\MYPONY\MYPONY-www.superfreedownloads.net.zip
D:\Documents and Settings\Bucha\Os meus documentos\Programas\Novo Ofice 2010\Microsoft.Office.2010.RTM.PT-PT.x86.part1.rar
D:\Documents and Settings\Bucha.BUCHA\Definições locais\Temp\ASK2C.tmp
D:\Documents and Settings\Bucha.BUCHA.000\Os meus documentos\Downloads\KMPlayer_3.5.0.77_00_20130123015648.exe
D:\WINDOWS\Installer\MSI212.tmp
D:\WINDOWS\Installer\MSIF3.tmp
E:\Jogos\Warcraft III\w3battle_120e.rar
EmptyTemp:
CreateRestorePoint:
End
Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
Please tell me how your computer is now.
Good Morning Juliet. I understand your message and thank you. The software you speak of, which is in the scan, is on D \\. I have two discs in the PC and each disk has two partitions. On C \\ everything is cool. I pay for Norton 360 and Malwarebytes Anti-Malware, and Spybot is free, CCleaner too, but on D \\ I had Win XP and I'm no longer using it. Before I do what you say I'll first transfer documents, because there are some important things there and if it does not start it is difficult for me to recover these documents. After finishing I will format the disk so it is only for document storage and I'm left with one operating system. Thanks for your patience.
I understand
How is the computer now?
Are we ready to remove tools and quarantine folders?
The Run Dll window is not appearing anymore. The computer is working properly. After I remove the D\\ documents I will scan with ESET, if you agree, and afterwards I will post the result.
Glad to hear the dll error has gone, and the computer works well again.
If you want to run ESET again you can, I leave that up to you. :)
I've done the scan and it was faster because it is only one disc. This is the result, and I deleted the quarantine; it was only 2 files.
12028
Good work
Ready to finish up and remove tools used?
Ok, I think it is to uninstall ESET and AdwCleaner. Farbar Recovery Scan was eliminated by Norton, and Malwarebytes Anti-Malware is mine because it was paid. If I need to do something else, tell me how to do it. Thank you.
Double click on AdwCleaner.exe to run the tool again.
Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.
~~~~~~~~~~~~~~~~
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
~~~~~~~~~~~
Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP
The following programmes come highly recommended in the security community.
AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.
Thank you for your willingness and for the information, which is important to keep my computer okay. I think it is finished and I thank you once again. Friendly greetings.
Glad we could help. :)
Since this issue appears resolved ... this Topic is closed.