I am using Avast Free version on Windows 7. When I logged into my computer this morning, I received RunDLL message box that says “There was a problem starting C:\Users\MYPC\AppData\Local\PnStsj.dll. The specified module could not be found.”
This file was automatically sent to Avast Virus Chest. When The virus description for this file in virus chest has it as Win32:Malware-gen. So far everything is functioning well despite this file being sent to the virus chest.
Few things I wanted to know:
I would like to know how I got this dll file on my computer and if it is associated with any of my installed programs.
How can I get rid of the RunDLL message box everytime I log into my computer?
Download ComboFixfrom here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully. note: ComboFix must be downloaded to your Desktop.
Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.
Run ComboFix.
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
When the tool is finished, it will produce a log report for you. (typical location: C:[b]ComboFix.txt[/b] )
Post log reports ( ComboFix.txt) back to topic.
Btw, after ComboFix rebooted my computer, in addition to previous RunDLL message, there is now a new RunDLL message box saying there was a problem starting okusuwule.dll. Not sure what’s happening.
Anyway I am attaching ComboFix.txt. See if you can help me. Thanks.
Close all browser windows and refering to the picture above.
Drag CFScript.txt into Combofix.exe. ComboFix will re-run.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run. When finished, it will produce a log for you.
Copy/paste the contents of the log in your next reply. (typical location: C:[b]ComboFix.txt[/b] )
Looks fine now.
Now when I restart my computer, I do not get RunDLL message boxes for PnStsj.dll and okusuwule.dll.
Thanks for your help!
I have few questions:
Could you tell me if PnStsj.dll and okusuwule.dll were part of the malware? If yes is it possible to know which program(s) caused these dll files to install?
How to figure out if my system is infected with malware using DDS and ComboFix? Can I run these tools anytime?
How to figure out if my system is infected with malware using DDS and ComboFix? Can I run these tools anytime?
No…
“You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.”
It is necessary to uninstall Combofix
Start >> Search >> Copy
Combofix /Uninsltall
Enter
On Windows Vista and Windows7 operating systems you must reset system restore manual.
The recommendation that you install this program MCShield
It will prevent infection by computer via USB flash drive, mobile phone or any memory card.
And not only will prevent infection, but will immediately clean Memory card or external HDD