Virus: Round32.dll + services crash

April 6, 2009 at 11:27:32
Specs: Windows XP, AMD 2800+, 1gb
Hi there.

I've been a little bit dumb installing some software for panorama, whithout checking my source for downloading, and once I'd install the software it worked, but I'd gain virus. Actually first a virus warning from avast, then a blackscreen and a reboot followed. When it was booted up, the LAN-connection icon was gone and I couldn't enter properties at "my computer" cause round32.dll crashed.

The situation is like this:
I have Windows XP SP3, avast! 4.8, Spybot S&D 1.6.. And so on. Now I got these reports which tells me that I got the virus arround 31-03-2009 22:48:42. I can upload my reports for you.

http://tb.gwakgroup.dk/logs/Checks....

http://tb.gwakgroup.dk/logs/Checks....

http://tb.gwakgroup.dk/logs/Fixes.0...

http://tb.gwakgroup.dk/logs/Residen...

http://tb.gwakgroup.dk/logs/SpybotS...

http://tb.gwakgroup.dk/logs/Update%...

http://tb.gwakgroup.dk/logs/Warning...

If you look at the resident log and the avast warning log, then you'll clearly see my problems.
"Win32:Adware-gen [Adw]"
"Win32:Rbot-EGC [Trj]"
"Win32:Stealer-E [Trj]"
"Win32:Vupa [Cryp]"
"Win32:JunkPoly [Cryp]"
"Win32:Vitro"
"Win32:Rootkit-gen [Rtk]"
"Win32:Small-MRB [Drp]"
"Win32:JunkPoly [Cryp]"
"Win32:Kobcka-B [Drp]"

One thing I've notices is that I have some problems with my services. When I go to Administration and tries to start them, they say that their depencies are missing. Everything should boot up with the computer, but they don't. See the "SpybotSD.Report" for my system information.

I've tried to safeboot and rund S&D + avast, but the problem still carries on. Please help fix this computer.

--------------------

Thor Byrgesen: The one,
oh the one computers and all electronics just hate.


See More: Virus: Round32.dll + services crash

Report •


#1
April 6, 2009 at 11:44:06
Download Malwarebytes Portable 1.35 (updated to last database)
http://rapidshare.com/files/2182033...

Just unpack, run file MalwarebytesPortable.exe and full scan your system!


Report •

#2
April 6, 2009 at 11:48:49
EHT_Tzepesch@hotmail.com

maksimog can you mail it for me in stead? Reached my maximum downloads...

--------------------

Thor Byrgesen: The one,
oh the one computers and all electronics just hate.


Report •

#3
April 6, 2009 at 15:22:31
http://tb.gwakgroup.dk/logs/mbam-lo...

This is the log from the succeed cleaning. I still got problems with my services. I'll be running a cleaning through the whole night in safeboot, in the meanwhile, anybody who knows how to fix the damages?

--------------------

Thor Byrgesen: The one,
oh the one computers and all electronics just hate.


Report •

Related Solutions

#4
April 6, 2009 at 16:14:05
Use Avast to schedule a bootime scan. Open program and click menu icon after memory test runs. You should have an option to schedule that scan. Reboot.

Be Good, Robert
core2duo e8400@3.99w/Big Typhoon
biostar tpower i45 w/chipset cooler
2X2GB mushkin ddr2 1066
WDC 74GB Raptor
Enermax 485W PS
8800gts


Report •

#5
April 7, 2009 at 05:30:38
Well, I've already done a boot-time scan, it didn't help. But let's see if it change anything since the Malwarebytes scan.

Now as to the problem with my services, I've found out that the "Server" service, which a lot of other services is dependent of, cannot start. When I try to start it it say, that the file is missing. :s Could be cause the antivirus scan deleted the file. This is what I know of the service:
server
C:\WINDOWS\system32\svchost.exe -k netsvcs

How do I fix this?

Also I've reconized that these changes happened to the round32.dll:
4-03-2009 18:10:11 Tilladt (based on user whitelist) value "wextract_cleanup0" (new data: "rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Thor\LOKALE~1\Temp\IXP000.TMP\"") Tilføjet in System Startup global entry!
24-03-2009 18:10:17 Tilladt (based on user decision) value "wextract_cleanup1" (new data: "rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Thor\LOKALE~1\Temp\IXP002.TMP\"") Tilføjet in System Startup global entry!
24-03-2009 18:10:23 Tilladt (based on user decision) value "wextract_cleanup2" (new data: "rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Thor\LOKALE~1\Temp\IXP001.TMP\"") Tilføjet in System Startup global entry!
31-03-2009 22:48:42 Tilladt (based on user whitelist) value "wextract_cleanup0" (new data: "rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Thor\LOKALE~1\Temp\IXP000.TMP\"") Tilføjet in System Startup global entry!
31-03-2009 22:48:45 Tilladt (based on user decision) value "wextract_cleanup1" (new data: "rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Thor\LOKALE~1\Temp\IXP001.TMP\"") Tilføjet in System Startup global entry!

--------------------

Thor Byrgesen: The one,
oh the one computers and all electronics just hate.


Report •

#6
April 7, 2009 at 07:36:24
make log HijackThis and post here
Download here http://download.hijackthis.eu/HJTIn...

Report •

#7
April 7, 2009 at 12:41:14
http://tb.gwakgroup.dk/logs/hijackt...

Here ya' go, should be the same as the S&D report with a little difference since the scannings.

Boot-time from avast! didn't find anything.

--------------------

Thor Byrgesen: The one,
oh the one computers and all electronics just hate.


Report •

#8
April 7, 2009 at 12:50:58
I can't see anything unusual in that log. Seems like the virus is gone, but it still has left the damages, which makes round32.dll crash when I enter "System", "Add or remove programs" and when I put in my usb disk..
Will a copy of my registry help?

--------------------

Thor Byrgesen: The one,
oh the one computers and all electronics just hate.


Report •

#9
April 14, 2009 at 14:31:27
Closing: Reformatted computer.

--------------------

Thor Byrgesen: The one,
oh the one computers and all electronics just hate.


Report •


Ask Question