virus help

game_phreak

New Member
So my sister was on the computer and messin around the other day. I went to uninstall some stuff and whenever I click "Add&Remove Programs" I get either "In use by another program" or "rundll32.exe is in use by another program". When I scanned it with AVG it came up as a read error. I also can't access system properties. The file size is 10kb, which I thought seemed strange. I also can't overwrite because it is protected.
 
Everybody first thinks virus when you may have another problem to look at. The first thing when going to uninstall any software is to make sure it is not currently active and running in the background. The first thing here to try is the msconfig utility to disable most items in the startup group. A faster method is simply to boot in safe mode, where only the basic Windows functions and a few services are running.

At that time proceed to remove the program or programs. After the add/remove is used, if there isn't an uninstaller provided, there are two more things that can help. The first is to see if the installation folder remains and delete that manually. The second advice is to use a cleaner for the system registry. That will remove any leftovers that can later interfere with something else.
 
I've booted into safe mode numerous times, and my task manager has not changed at all. I did some virus scans and I picked stuff up and supposedly deleted it, but the problem still persists, and new spyware and stuff keeps installing itself.
 
game_phreak, install and run Ad-Aware and Spybot Search & Destroy as well as CCleaner, and after you run them your computer should run a little better. After this, run HijackThis and let us see the log.
 
If you are seeing new startups out of nowhere it's time to scan the drive with a trojan downloader locator like Ewido, Spybot S+D, Webroot Spysweeper, etc. since those can hide right at the root directory and in folders. A browser hijacker would show up with HiJack This due to new startups brought on by the downloader that remains hidden. You get one thing off to see another points at this as likely.

They don't generally need to create any registry values. In a sense they are more like bit torrents that download installers. AVG is usually good at spotting a good number of them with a full scan. Often they load with Windows since they get copied onto the drive and have the "exe" file extension to autoload that way. A system restore is one thing you don't want at this time. That would only see the stuff you removed already. HiJack This can be downloaded at http://www.download.com/HijackThis/3000-8022_4-10379544.html?tag=lst-0-1

AdAware SE Personal is one to have around. http://www.lavasoft.com
Grisoft bought Ewido and can be downloaded at http://free.grisoft.com/doc/ewido-anti-spyware-free/lng/us/tpl/v5

Post a log and when the stuff seen is cleaned up run some of these. Look for any "questionable" files at the root of C.
 
Well, it got fixed. I was runnin some more scans when all of a sudden AVG pops up and says a virus was detected, something about 3D.exe in C:\WINDOWS. So I heal it, and start running Ad-Aware when AVG pops up again saying another virus was found. I was right and it turned out my C:\WINDOWS\system32\rundll32.exe was indeed infected. I healed that, ran the rest of my scans, deleted anything suspicious in HJT and it's good as new! Yay, thanks for your help guys.
 
You will notice that it was AVG that "popped up" after you started running AVG. That's been an excellent one for spotting and showing just where things are located on the drive. AdAware and Ewido are also a pair of freewares good to have on hand. Viruses just like trojans often find hiding places where AVG will point them out. Others are used when stuff gets by AVG. ;)
 