Help! RUNDLL Error loading after virus found...

Help! RUNDLL Error loading after virus found...
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Help! RUNDLL Error loading after virus found... orono 01-01-2007
Posted by =?Utf-8?B?b3Jvbm8=?= on January 1, 2007, 2:20 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
I have recently installed the free editions of AVG anti virus and Ad-aware
spyware removal. Various trojans, and some spyware were found (that had not
been picked up by Norton). One trojan horse was called "qfyqakn.dll", I
quarantined, then deleted it.

Now when I start up, an I get the following:
RUNDLL Error Loading
c:\WINDOWS\System32\config\systemprofile\Local Settings\Application
Data\qfyqakn.dll
The specific module could not be found.

I then click 'OK' and everything seems to function normally.
What's going on? Is this a file that I need or was the virus not fully
removed?
Please advise. Thanks.

Posted by =?Utf-8?B?UGFuZGFfbWFu?= on January 1, 2007, 3:01 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi Orono ! Happy New Year !

No , this was real trojan horse .
It is just that in order to start everytime Windows loads , the trojan has
injected a DLL file into a legit Windows process Rundll32 so that this
process hosts the malware . You have removed the malicious file (thanks to
AVG) ,which is great , and is the most important part . You only need to
remove the registry entire left in your computer . Open Start-> Run - type:
regedit.exe
and press ENTER

Carefully navigate to HKEY_Local Machine \ Software \ Microsoft \ Windows \
Current Version \ Run

In the right you'll see an entrie with name something like this:
RunDLL : c:\WINDOWS\System32\config\systemprofile\Local Settings\Application
Data\qfyqakn.dll

Carefully right click it and delete it . Then close the Reg Edit .

Disable System Restore.Right click on My Computer->Properties->System Restore
Check Turn off system restore and Click OK.

Restart and the machine and the "error" should be gone :)

Enable System Restore for future usage:
Right click on My Computer->Properties->System Restore.Uncheck Turn off
system restore.Click OK


Something else ... if you have used Norton , you'd better run Symantec's
Norton Removal tool in order to completely get rid of Norton

REMOVE NORTON version 2007 , 2006 , 2005 and 2004 and 2003
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2004093015165236&nsf=tsgeninfo.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=


Regards!

--
Panda_man
Silver level Contributor



"orono" wrote:

> I have recently installed the free editions of AVG anti virus and Ad-aware
> spyware removal. Various trojans, and some spyware were found (that had not
> been picked up by Norton). One trojan horse was called "qfyqakn.dll", I
> quarantined, then deleted it.
>
> Now when I start up, an I get the following:
> RUNDLL Error Loading
> c:\WINDOWS\System32\config\systemprofile\Local Settings\Application
> Data\qfyqakn.dll
> The specific module could not be found.
>
> I then click 'OK' and everything seems to function normally.
> What's going on? Is this a file that I need or was the virus not fully
> removed?
> Please advise. Thanks.

Posted by =?Utf-8?B?b3Jvbm8=?= on January 1, 2007, 4:47 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hey Panda Man, Happy New Year to you too!

Thanks for your terrific reply, it worked :)

I also ran the norton removal tool again, just in case.

Orono

"Panda_man" wrote:

> Hi Orono ! Happy New Year !
>
> No , this was real trojan horse .
> It is just that in order to start everytime Windows loads , the trojan has
> injected a DLL file into a legit Windows process Rundll32 so that this
> process hosts the malware . You have removed the malicious file (thanks to
> AVG) ,which is great , and is the most important part . You only need to
> remove the registry entire left in your computer . Open Start-> Run - type:
> regedit.exe
> and press ENTER
>
> Carefully navigate to HKEY_Local Machine \ Software \ Microsoft \ Windows \
> Current Version \ Run
>
> In the right you'll see an entrie with name something like this:
> RunDLL : c:\WINDOWS\System32\config\systemprofile\Local Settings\Application
> Data\qfyqakn.dll
>
> Carefully right click it and delete it . Then close the Reg Edit .
>
> Disable System Restore.Right click on My Computer->Properties->System Restore
> Check Turn off system restore and Click OK.
>
> Restart and the machine and the "error" should be gone :)
>
> Enable System Restore for future usage:
> Right click on My Computer->Properties->System Restore.Uncheck Turn off
> system restore.Click OK
>
>
> Something else ... if you have used Norton , you'd better run Symantec's
> Norton Removal tool in order to completely get rid of Norton
>
> REMOVE NORTON version 2007 , 2006 , 2005 and 2004 and 2003
>
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2004093015165236&nsf=tsgeninfo.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=
>
>
> Regards!
>
> --
> Panda_man
> Silver level Contributor
>
>
>
> "orono" wrote:
>
> > I have recently installed the free editions of AVG anti virus and Ad-aware
> > spyware removal. Various trojans, and some spyware were found (that had not
> > been picked up by Norton). One trojan horse was called "qfyqakn.dll", I
> > quarantined, then deleted it.
> >
> > Now when I start up, an I get the following:
> > RUNDLL Error Loading
> > c:\WINDOWS\System32\config\systemprofile\Local Settings\Application
> > Data\qfyqakn.dll
> > The specific module could not be found.
> >
> > I then click 'OK' and everything seems to function normally.
> > What's going on? Is this a file that I need or was the virus not fully
> > removed?
> > Please advise. Thanks.

Posted by =?Utf-8?B?UGFuZGFfbWFu?= on January 2, 2007, 6:51 am
If you were  Registered and logged in, you could reply and use other advanced thread options
"orono" wrote:
> Hey Panda Man, Happy New Year to you too!
>
> Thanks for your terrific reply, it worked :)
>
> I also ran the norton removal tool again, just in case.
>
> Orono
>


Hi ! Thanks for letting me know . I am happy you sorted it out :-)
Stay protected :
http://pandaman.my.contact.bg
http://pandaman.my.contact.bg/Protect_your_PC.htm
http://www.microsoft.com/protect

Don't hesitate to post again !


--
Panda_man
Silver level Contributor





Similar ThreadsPosted
Rundll error loading December 2, 2007, 2:58 pm
Symantec error while loading MS patches August 13, 2006, 5:49 pm
Error loading Roaming Profile - System detected a security comprom September 16, 2005, 7:59 pm
Error in Signtool - "Personal" certifcate store was not found August 4, 2006, 9:10 pm
virus found but not detected June 21, 2006, 6:56 pm
remove pesty virus scan not found June 12, 2006, 1:14 am
Virus Protection Not found by Security Center August 8, 2006, 9:26 am
When AV software found Virus, should I clear it first or delete it? December 26, 2006, 12:31 am
W97M/Marker.T Virus found by Forefront on file server July 25, 2008, 10:21 am
"No Certificate Templates Could Be Found" Error Message When User Requests Certificate from CA Web Enrollment Pages September 21, 2006, 1:33 pm

The site map in XML format XML site map

Contact Us | Privacy Policy