Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

syswow64/rundll32.exe virus help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

syswow64/rundll32.exe virus help

Unread postby PeterMills » August 17th, 2016, 10:09 am

Hi folks:
I am getting constant messages pop up from Malwarebytes that I have the syswow64/rundll32.exe virus and need help to remove it.
I have read your instructions and have attached the requested logs as they are too large to fit in the post body.
Thanks, and looking forward to your response.
You do not have the required permissions to view the files attached to this post.
PeterMills
Active Member
 
Posts: 4
Joined: August 17th, 2016, 9:46 am
Advertisement
Register to Remove

Re: syswow64/rundll32.exe virus help

Unread postby pgmigg » August 18th, 2016, 2:25 pm

Hello PeterMills,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: syswow64/rundll32.exe virus help

Unread postby PeterMills » August 18th, 2016, 3:07 pm

OK thanks.
PeterMills
Active Member
 
Posts: 4
Joined: August 17th, 2016, 9:46 am

Re: syswow64/rundll32.exe virus help

Unread postby pgmigg » August 18th, 2016, 4:12 pm

Hello PeterMills,

A few notes before we start:
  • The rundll32.exe is a System file for Windows, which is used by 3rd party programs to run .dll type of files. Because of this there will be many instances of it running at the same time.
  • The SysWow64 is System folder for Windows from where the rundll32.exe can run. Because you version of Windows is 64 bit it has two such folders - SysWow64 which lanches 32 bit applications and System32 from where 64 bit applications are run.
In the other words, what you are seeing is perfectly normal!

You do however look like you have an infection, which needs removing, and there are a number of other issues on your computer which need addressing firstly.

Step 1.
WARNING!
Multiple Anti Virus programs detected
  1. It looks like you are operating your computer with multiple Anti Virus programs installed at once:
    AV: McAfee VirusScan Enterprise
    AV: Lavasoft Ad-Aware
  2. This is a recipe for disaster. More programs does not mean more security, in fact it means the very opposite. Running - more than one - antivirus program is not recommended because:
    1. They can conflict with each other.
    2. Report the other antivirus software as malicious.
    3. Antivirus programs use an enormous amount of computer's resources... actively scanning your computer.
    4. Can cause your computer to run slowly, become unstable and crash.
  3. I strongly suggest you uninstall one of them. Which one is your decision, but if you asked me, I would recommend you to uninstall Lavasoft Ad-Aware.
  4. Please let me know which AV you decided to keep in the next reply and then I will give you recommendation how to remove it properly and completely.

Step 2.
Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 3.
TSG - SysInfo utility
  1. Please download SysInfo utility and save it to your Desktop.
  2. Right click on SysInfo.exe, select "Run As Administrator..." to run it... if UAC prompts, please allow it.
  3. Right click, select copy and then paste in your next post.

Then:
Please tell me is this computer used for business purposes and connected to a business or educational networks?
I need to know it - so I can provide the proper instructions.

Please post each log separately to prevent it being cut off by the forum post size limiter. Don't attach the logs unless I asked for that.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Your decision about AV which you would like to keep
  2. Contents of CKFiles.txt log file
  3. Contents of SysInfo scan
  4. Answers to my question related to type of using of your computer

Thank you,
pgmigg
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: syswow64/rundll32.exe virus help

Unread postby PeterMills » August 21st, 2016, 9:46 am

OK Thanks. I will remove Lavasoft Ad-Aware.
This computer is not used for business nor connected to any business or educational networks. It WAS used for business but my company supplied me with an upgrade laptop so I purchased this one from them for personal use. It still has the Forticlient connection software on it in case I ever have to use it as a back-up.
CKScanner Results below, Sysinfo will post separately:

KScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\common files\digidesign\dae\plug-in settings\eq 3.0\equalizer\snare\emphasize crack 2.tfx
c:\program files (x86)\common files\digidesign\dae\plug-in settings\eq 3.0\equalizer\snare\emphasize crack.tfx
c:\program files (x86)\wondershare\video converter ultimate\skin\bar\anticrack.xml
c:\program files (x86)\wondershare\video converter ultimate\skin\deu\anticrack.xml
c:\program files (x86)\wondershare\video converter ultimate\skin\eng\anticrack.xml
c:\program files (x86)\wondershare\video converter ultimate\skin\esp\anticrack.xml
c:\program files (x86)\wondershare\video converter ultimate\skin\fra\anticrack.xml
c:\program files (x86)\wondershare\video converter ultimate\skin\ita\anticrack.xml
c:\program files (x86)\wondershare\video converter ultimate\skin\jpn\anticrack.xml
c:\program files (x86)\wondershare\video converter ultimate\skin\ptg\anticrack.xml
c:\program files (x86)\wondershare\video converter ultimate\youtube_dl\extractor\cracked.pyc
c:\program files (x86)\wondershare\video converter ultimate\youtube_dl\extractor\crackle.pyc
c:\users\peter\frostwire\torrents\the sims 2 _pc game multi5 + crack_ _tnt village_.rar.torrent
hosts 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
hosts 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
hosts 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
hosts 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
hosts 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
hosts 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
hosts 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
hosts 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net crl.verisign.net ood.opsource.net
hosts 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net crl.verisign.net ood.opsource.net
scanner sequence 3.ZZ.11.HDNAQZ
----- EOF -----
PeterMills
Active Member
 
Posts: 4
Joined: August 17th, 2016, 9:46 am

Re: syswow64/rundll32.exe virus help

Unread postby PeterMills » August 21st, 2016, 9:46 am

Sysinfo:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 4052 Mb
Graphics Card: Windows Live Display Driver, 4 Mb
Hard Drives: C: Total - 294659 MB, Free - 61442 MB; K: Total - 476936 MB, Free - 83590 MB;
Motherboard: Dell Inc., 0J4TFW
Antivirus: McAfee VirusScan Enterprise, Not Updated
PeterMills
Active Member
 
Posts: 4
Joined: August 17th, 2016, 9:46 am

Re: syswow64/rundll32.exe virus help

Unread postby pgmigg » August 21st, 2016, 8:11 pm

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • Illegal software key generators

Once the software and/or keygens have been removed as well as host file will be clean, if you still need help, please start a new thread... include a link to your closed topic and include NEW FRST logs :

  • FRST.txt.
  • Addition.txt.
  • Details of the problems you're experiencing.
  • Link to your closed topic.

Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 29 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware