Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

A0387131.dll

Re: A0387131.dll

Post by melboy » February 4th, 2010, 2:34 pm

Whilst I go over your latest logs Artur, to answer your query - x-perl looks to be installed along with CurseClient.

http://wow.curse.com/downloads/wow-addo ... xperl.aspx
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: A0387131.dll

Post by Artur » February 4th, 2010, 2:51 pm

Yes, I should get rid of that too, "CurseClient" is a program to automatically update the game addons (pretty much just download, unzip and replace the old files). No addon files should however install any program on the computer. If I'm reading it right the x-Perl shows in the uninstall list, that just doesn't seem right.
I am however not doing anything until I hear from you.
And thanks Melboy. Thank you for helping me out when I got myself into this mess.
Artur
Regular Member
 
Posts: 18
Joined: January 26th, 2010, 4:40 pm

Re: A0387131.dll

Post by melboy » February 5th, 2010, 1:29 pm

Hi Artur

Are you experiencing any symptoms other than the ones you have already mentioned that may be malware related, e.g. redirections, pop-ups, etc.?

As I've already said the DDS log shows that your on-access scanning is enabled and the service for it (SBAMSvc.exe) is running. Are you familiar with the Eicar test file? It is a harmless test file that can help determine if your anti-virus is working correctly.

Visit this page and then attempt to download and run the file eicar.com (68 bytes), found at the bottom of the page under "Download area using the standard protocol http" and tell me the results; if your AV blocked it or not.



RootRepeal
Download RootRepeal.zip from here & unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
      Drivers
      Files
      Processes
      SSDT
      Stealth Objects
      Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan
Note: The scan can take some time. DO NOT run any other programs while the scan is running
  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File then Exit to close the program
  • Post the contents of RootRepeal.txt in your next reply.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: A0387131.dll

Post by Artur » February 5th, 2010, 5:26 pm

Some random things happen occasionally which I disregarded as bugs, like yesterday I opened my e-mail and could not click to open any mail, didn't think any more of it and shut my computer down. Today I could open mails as usual.
I cannot recollect anything else than that.

When I attempt to download eicar the Firefox download window shows it failed to download. I right click on the file inside the FF DL window and attempt to retry, it now shows as 68Kb successfully downloaded, but if I right click properties of the eicar file downloaded to my desktop it shows as 0kb, when I attempt to run it I get a window telling me it's not a valid win32 application. No warnings from my AV but it seems to get blocked.


ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/02/05 21:43
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA19E000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA612000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA6D93000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\program files\microsoft sql server\mssql.1\mssql\log\log_1267.trc
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\CurseClient.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\CurseClient.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Curse.ClientService.Models.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Curse.ClientService.Models.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Curse.AddOns.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Curse.AddOns.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Curse.MurmurHash.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Curse.MurmurHash.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\CurseClient.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\CurseClient.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Curse.CurseClient.Enumerations.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Curse.CurseClient.Enumerations.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\ICSharpCode.SharpZipLib.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\ICSharpCode.SharpZipLib.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Interop.NetFwTypeLib.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Interop.NetFwTypeLib.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Win32Interop.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Win32Interop.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\WPF.Themes.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\WPF.Themes.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Xceed.Wpf.DataGrid.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Xceed.Wpf.DataGrid.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Xceed.Wpf.Controls.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Xceed.Wpf.Controls.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\zlib.net.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\zlib.net.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Curse.CurseClient.Common.XmlSerializers.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Curse.CurseClient.Common.XmlSerializers.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Curse.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Curse.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Curse.DownloadSecurity.Tokens.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Curse.CurseClient.Localization.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Curse.DownloadSecurity.Tokens.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Curse.CurseClient.Common.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Curse.CurseClient.Common.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Curse.CurseClient.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Curse.CurseClient.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Curse.CurseClient.Controls.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Curse.CurseClient.Controls.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Curse.CurseClient.Localization.cdf-ms
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sbaphd.sys" at address 0xba5da4d0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sbaphd.sys" at address 0xba5da520

==EOF==
Artur
Regular Member
 
Posts: 18
Joined: January 26th, 2010, 4:40 pm
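
One way to condense a report like the one posted above, as an added example that is not part of the thread or of RootRepeal: it groups SSDT hooks by hooking module and hidden/locked files by folder, so dozens of near-identical entries collapse into a few lines to review. The function names, the shortened sample and the choice to treat sbaphd.sys as an expected hooking driver are assumptions of this example.

```python
import ntpath
import re
from collections import Counter

# Shortened excerpt of the report posted above, in the same layout.
SAMPLE_REPORT = r"""ROOTREPEAL (c) AD, 2007-2009

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA19E000 Size: 98304 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\program files\microsoft sql server\mssql.1\mssql\log\log_1267.trc
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\CurseClient.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Artur\Local Settings\Apps\2.0\OOWMJHPO.LT8\7LC9DADN.QKH\manifests\Curse.AddOns.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sbaphd.sys" at address 0xba5da4d0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sbaphd.sys" at address 0xba5da520

==EOF==
"""

RULE = re.compile(r"^-{5,}$")
SSDT_ENTRY = re.compile(r"(\d+) Function Name: (\S+)")
HOOKED_BY = re.compile(r'Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)')


def parse_report(text):
    """Return {section title: [record dicts]} for a RootRepeal text report."""
    sections, current, record = {}, None, None
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        following = lines[i + 1] if i + 1 < len(lines) else ""
        if line and RULE.match(following):   # a title sits directly above a dashed rule
            current, record = sections.setdefault(line, []), None
            continue
        key, sep, value = line.partition(": ")
        if current is None or not sep:       # preamble, blank line, rule or ==EOF==
            record = None
            continue
        if record is None or key in record:  # repeated key: a blank separator was lost
            record = {}
            current.append(record)
        record[key] = value
    return sections


def triage(sections, expected_hookers=frozenset()):
    """Group findings by hooking module and by folder for quicker review."""
    hooks = {}
    for rec in sections.get("SSDT", []):
        entry = SSDT_ENTRY.fullmatch(rec.get("#", ""))
        hook = HOOKED_BY.fullmatch(rec.get("Status", ""))
        if entry and hook:
            module = ntpath.basename(hook.group(1)).lower()
            hooks.setdefault(module, []).append(entry.group(2))
    expected = {name.lower() for name in expected_hookers}
    files = sections.get("Hidden/Locked Files", [])
    drivers = sections.get("Drivers", [])
    return {
        "hooks": hooks,
        "unexpected_hooks": {m: f for m, f in hooks.items() if m not in expected},
        "locked_folders": Counter(ntpath.dirname(r["Path"]).lower() for r in files if "Path" in r),
        "hidden_drivers": [r.get("Name", "?") for r in drivers if "File Visible: No" in r.get("Address", "")],
    }


if __name__ == "__main__":
    # Assumption: sbaphd.sys is treated as the installed security product's driver.
    print(triage(parse_report(SAMPLE_REPORT), expected_hookers={"sbaphd.sys"}))
```

Anything left in `unexpected_hooks` after the installed security product's drivers are listed in `expected_hookers` is what deserves a closer look.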

Re: A0387131.dll

Post by melboy » February 6th, 2010, 5:48 am

Hi Artur

Security applications not functioning correctly and our tools not running can be a sign they are being blocked or corrupted by malware. However, after going through your logs there is little evidence of an active malware infection that would do this.

After going through your logs again, I noticed that you have removed Microsoft programs that may have an effect on how your programs run as they are required by certain programs to function correctly. Errors in your event log seem to reinforce this.

RP725: 2010-01-26 20:07:37 - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
RP726: 2010-01-26 20:08:20 - Removed Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
RP727: 2010-01-26 20:08:47 - Removed Microsoft SQL Server Compact 3.5 Design Tools ENU
RP728: 2010-01-26 20:09:32 - Removed Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
RP729: 2010-01-26 20:09:42 - Removed Microsoft SQL Server Database Publishing Wizard 1.2
RP730: 2010-01-26 20:11:14 - Removed Microsoft Visual C++ 2005 Redistributable


Did you have a specific reason for removing these programs?

If not, they can be re-downloaded and installed from here:
http://www.microsoft.com/downloads/deta ... laylang=en
http://www.microsoft.com/downloads/deta ... laylang=en

Then visit Microsoft Update and install any necessary updates.

Then try once more to install Malwarebytes anti-malware and see if installing the above Microsoft applications solves your problems with your Avanquest suite. It may be that you have to re-install the program if it does not. (In case of difficulties doing this)

Let me know how things go and if you have any problems.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: A0387131.dll

Post by Artur » February 6th, 2010, 6:55 am

Just to clarify, I should reinstall the applications you mentioned, update, try running malwarebytes, if no success then reinstall Avanquest and try malwarebytes and check if Avanquest starts running normally again? If it does, should I run a full system scan again?

I understand my logs are looking clean, so I would just like to add some things. I have never logged in my game from another computer, nor have I ever shared my login name or password with anyone. So as far as I can tell the information must have been stolen from my computer or been broken by brute force (old pass was 8 characters 2 digits 2 capitals, so pretty strong as far as I can tell). The fact Avanquest picked up something classified as a trojan in the path mentioned earlier obviously made me think it must have been stolen.
Artur
Regular Member
 
Posts: 18
Joined: January 26th, 2010, 4:40 pm

Re: A0387131.dll

Post by melboy » February 6th, 2010, 7:25 am

Hi Artur

  1. Download and re-install the Microsoft Visual C++ 200x Redistributables.
  2. Visit MS update.
  3. If your Avanquest suite is still not functioning correctly - re-install it.
  4. Attempt to install Malwarebytes (MBAM).

Let me know how things go and what - if any - problems you have; any error messages you receive etc.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: A0387131.dll

Post by Artur » February 6th, 2010, 1:13 pm

I was uninstalling a few programs I was not using to free up disk space and seems I got overenthusiastic and uninstalled some components I shouldn't have, I apologise for the extra work this caused you. :monkey:

1. Download and re-install the Microsoft Visual C++ 200x Redistributables. Done
2. Visit MS update. Done
3. If your Avanquest suite is still not functioning correctly - re-install it. Working without reinstall
4. Attempt to install Malwarebytes (MBAM). Installed
Artur
Regular Member
 
Posts: 18
Joined: January 26th, 2010, 4:40 pm

Re: A0387131.dll

Post by melboy » February 6th, 2010, 4:46 pm

Hi Artur

It seems good news so far,


Malwarebytes' Anti-Malware (MBAM)


  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform full scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check all items except items in the C:\System Volume Information folder... then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: A0387131.dll

Post by Artur » February 7th, 2010, 6:41 am

:oops:
Someone once told me: Never underestimate the power of stupidity. Seems I went and did just that.

Malwarebytes' Anti-Malware 1.44
Database version: 3699
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-02-07 11:11:08
mbam-log-2010-02-07 (11-11-08).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 262168
Time elapsed: 57 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Artur\My Documents\Azureus Downloads\Adobe keygen\Adobe DreamWeaver CS3 9.0 keygen.exe (Trojan.Horst) -> Quarantined and deleted successfully.
Artur
Regular Member
 
Posts: 18
Joined: January 26th, 2010, 4:40 pm

Re: A0387131.dll

Post by melboy » February 7th, 2010, 7:15 am

Artur wrote: :oops:
Someone once told me: Never underestimate the power of stupidity. Seems i went and did just that.


In using keygens in the first place, or not following the rules?

melboy wrote: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

In particular:



Cracks, Keygens, Warez etc.

C:\Documents and Settings\Artur\My Documents\Azureus Downloads\Adobe keygen\Adobe DreamWeaver CS3 9.0 keygen.exe

This is one way to get your computer infected. Visiting crack sites/warez sites - and other questionable/illegal sites is always a risk. Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.
In 2006, a study revealed that 59% of keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

Additionally, cracked programs are illegal. As the log(s) you've posted indicate, you've used one or more of the above, we will not provide you with any further help unless you remove the files.

We do NOT knowingly provide help for anyone using any form of cracked software and/or Operating Systems.

In using the crack, the 'cracker' has broken the 'End User Licence Agreement' (EULA) of the product concerned.
The distribution and use of cracked copies is illegal in almost every developed country.



CKScanner
Download CKScanner from here
  • Important - Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: A0387131.dll

Post by Artur » February 7th, 2010, 7:50 am

Well downloading in the first place, I have not used those keygens and don't remember getting them. Must have been lying there for months or maybe even years :| Yes I am aware of the rules, I did read those prior to posting and those files were lying in a folder I was unaware of.

The reason I did not delete upon finding them was I figured I had done enough damage uninstalling vital components and made the whole process of removing my malware unnecessarily complicated so I left them until we could sort this out and deleting them was going to be one of the first things I was going to do as soon as we were done or when you asked me to.

For some reason the file got saved in my firefox folder.

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\artur\my documents\azureus downloads\adobe keygen\adobe cs3 master collection.exe
c:\documents and settings\artur\my documents\azureus downloads\adobe keygen\adobe premiere pro serial + info.txt
c:\documents and settings\artur\my documents\azureus downloads\adobe keygen\premiere.dll
c:\documents and settings\artur\my documents\azureus downloads\adobe keygen\read me -indian pirate.txt
scanner sequence 3.CA.11
----- EOF -----
Artur
Regular Member
 
Posts: 18
Joined: January 26th, 2010, 4:40 pm

Re: A0387131.dll

Post by melboy » February 7th, 2010, 9:16 am

Artur,


Other than the detection by MBAM your computer is as clean as it is possible for me to tell.

However, Trojan.Horst is a Trojan horse that opens a back door on the compromised computer and works as a relay proxy.


A backdoor can give intruders complete control of your computer, log your keystrokes, steal personal information, etc.

This can allow hackers to remotely control your computer, steal critical system information and Download and Execute files


If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
It would be wise to contact those same financial institutions to apprise them of your situation.



Because of its backdoor functionality, your PC has very likely been compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall


Should you have any questions, please feel free to ask.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: A0387131.dll

Post by Artur » February 7th, 2010, 10:16 am

Thank you Melboy.

I don't have time to read those links right now, but I will later on.
Looks like I'll be upgrading to Win7 within the near future.

Thanks again.
Artur
Regular Member
 
Posts: 18
Joined: January 26th, 2010, 4:40 pm

Re: A0387131.dll

Post by melboy » February 7th, 2010, 6:44 pm

Looks like I'll be upgrading to Win7 within the near future


In the meantime then, we need to clean up some of the tools I had you download.

OTL by OldTimer

  • Double-click OTL.exe
  • Click the CleanUp! button
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself


You can also delete the SysProt and Rootrepeal Folders.



This is my general post for when your logs show no more signs of malware.



General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.


  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Uninstall Tools for Major Antivirus Products
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • Malwarebytes' Anti-Malware
    As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. (TIP: Cleaning out temp files can reduce scanning times.)
    Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.
  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK