done. here is a new log for you. the link to the rundll32.zip is dead. ie keeps saying page cannot be displayed.
That’s strange, that link worked, I tried it before I posted it. I’m trying to find the page I got it from. Hang on.
Try this one, remember to extract it to the windows\system32 folder.
http://www.spywareinfo.com/~merijn/winfiles.php#rundll32.exe
done. that worked! i now have access to add/remove & also more importantly system restore so as i can set a new restore point. is there anything more i need to do?
i will do a restart to make sure that nothing comes back!
Dave
Hi there, i have just enabled the system restore and done some windows updates. just out of curiosity in remote my system is turned to allow remote for 30 days. should this be switched to off?
I’ll put up a bit of a clean up list for you to do.
just out of curiosity in remote my system is turned to allow remote for 30 days. should this be switched to off?
I’m not sure what you mean.
remote is:-
start
right click on my computer
properties
remote
allows remote access to your computer?
is it possible for you to have a quick look at the logs from my uninfected computer to make sure that everything is fine there as well.
thank you for your help. when i read what you went through to help out sassysuzi i figured you were one of the people to help.
Sure throw a log up.
As for the remote. I’ll see what I can find out. Don’t have that on this system. I wonder if that is remote support?
Yep that was a real adventure, with sassy.
If no problems, clean up.
- Click start button, click run, copy and paste the following line into the box
combofix /u
- Open HJT, click misc tools button, slide the slider down, click uninstall. You will have to delete the hjt.exe
- Create a new restore point
You must be logged on to an administrator account
Go to Start - All Programs - Accessories - System Tools - System Restore.
Click Create a restore point, and then click Next.
In the text box labeled Restore Point Description, type a name for this restore point, click create
- Remove old restore points
- Go to Start - All Programs - Accessories - system tools. Launch the Disk Cleanup tool and let it run. When it finishes a box with tabs will appear, select the more options tab. On this tab you will find a section for System Restore. If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.
- Download and run this clean up utility. You can use it regularly. When it’s first run, it is in demo mode to show you what it will remove. Review it and then rerun in real mode. It is configurable.
- You may want to consider this
If you are using windows firewall, please note that it doesn’t provide outbound protection. A third party firewall will.
A discussion on free firewalls can be found here.
http://forum.avast.com/index.php?topic=30808.0
- out of date java is an entry point for malware
Open an Internet Explorer (only) window and go to http://www.java.com/en/download/manual.jsp > In the middle of the page, click on the Download button to the right of Java Runtime Environment (JRE) 6u3 > If Information Bar pops up, right-click on it and say it’s OK to display the blocked content.
You do not have to install the Java Web Start ActiveX Control
Accept the license agreement > Click on Windows (XP, Vista, etc.) Offline Installation, Multi-language and Save the file jre-6u3-windows-i586-p.exe to your desktop; do not Run it.
When the download is complete, Open Control Panel > Add/Remove Programs:
Uninstall anything that says Sun Java, Java JRE, or similar.
Close Add/Remove Programs.
In Windows Explorer, navigate to C:\Program Files\Java <=this folder, if found. Delete any subfolders it may contain.
Do NOT delete C:\Program Files\JavaVM <=this folder, if found!
Reboot your computer.
Double-click on the saved file to install the update.
Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.
I know what happened to the original link. It was too long for the page that I got it, so it was abbreviated and I didn’t notice it. I tested it before I copied it, that’s why I was surprised when you said it didn’t work. Fixed it now, but now I got the link for all, except vista, windows.
Any problems?
If you get a chance, can you compare the rundll.exe in the c:\windows\system32\dllcache with the one you have now? Windows does store a backup of some files there.
rundll32 is 32.5mb in both of them. last post is all done (java cleanup and so on)
is a hjt log good enough for the other comp. do you require a new one for this computer as well?
here is the hjt scan from the uninfected computer(hopefully) and also this one. the uninfected computer scan is called kyliescan.
this comp is called davescan.
while i have you do you know how to protect a network printer from attacks (not that i have had any) but i have set it up on a home network working off the hub. does it need to be protected.
i have an old computer sitting here as well and was wondering if i should set it up as the main internet computer and have the others run through it. would this limit the possibility of attacks.
this comp is called davescan
Looks good. Any problems? Did you get a chance to compare the rundll.exes?
kyliescan.
Just some left over norton in there, it looks like you have KAV installed now. If you have ran the appropriate norton removal tool, then you can remove the line in HJT by doing a system scan and check marking the lines referring to “Symantec” and clicking fix.
The printer, if allowed in/out access to the internet, I suppose it could be used as access to your computer. But if it is restricted to your home network, then only computers in that network could access it.
Using the other computer would be kind of like setting it up as server/router. Maybe one more piece to cause problems?
I’d suggest a firewall capable of being configured to create a home network, consisting of your two computers, router, and printer, allowing only the computers and router internet access.
That’s just my suggestion, I’ll ask someone who is more up on firewalls and networks.
Does any computer in your local network (LAN) need/have access to this printer?
If not, disable printer sharing in your network settings.
But really, printer attacks? Hmmm… do they exist?
Thanks Tech. That’s why I said “I suppose it could be used…” depending on the hookup.
If the printer can be accessed from outside, could that not give access to a computer connected to that printer via the printer connection??
I really don’t know, which is why I asked you for an opinion.
If the printer can be accessed from outside, could that not give access to a computer connected to that printer via the printer connection??
I’m not an expert… just never read and learn about this kind of infection.
I really doubt it’s a way to infect the computer… but, the virus analysts from Alwil should say it for sure.
I hope one of them pokes their head in here, I’d like to see their comments about this. I never thought much about it before, to be honest. Now I’m curious, if a hacker could gain access to a computer through a printer that was available through the internet.
Hey guys!
have i asked a question that hasn’t been asked before? i was not really thinking about virus attack just "prank" attack. you know would be funny to have pages just start printing and such.
but now that you have started talking about it if the ip address of the printer was used and this was linked to the computer well?
rundll32 in both folders is, from what i can see, identical - 32.5kb each.
Half awake Dave
Hi
I thought the one in the dll cache was a backup.
If you knew the ip address of a printer then, yes you could send your “documents” to it, as long as the printer accepted traffic from all ip addresses and not just specific ones. I was thinking more along the lines of a hack attempt. Would it open access to a computer? ie a hole in security.
thanks for the help. i have now installed comodo on the (now) uninfected computer and have gone through and set that up, so hopefully it will eliminate the ease of reinfection.
the next question slightly off topic of viruses is should i change to firefox instead of ie and do you know a good anti-spam for outlook express or a better mail program that does not have the same vulnerabilities.
Dave
The firewall will help. BTW the comment I made about it being an adventure with sassy was made in a nice way. After she was cleaned up the first time, she got hit so hard, we didn’t know where to start, there was just so much going on. The addition of the firewall, once the system was stable enough to install one, helped, as it blocked some of the crap from being downloaded.
As for a program, I think it’s called mailwasher. Track down a post by DavidR and check his signature. There should be one in the stickies on this forum, probably just above your thread. At any rate finding one won’t be hard, he’s got 20k+ ;D