rundll32.exe corrupted after virus scan

Hi Gary,

I wish you had posted sooner. We use a program that cleans the malware, searches the system for system files that were corrupt, and replaces them if there are any backups available locally.

A few thoughts...

First of all, if you paid for Norton, they should provide support. Have you tried contacting Symantec?

Are you able to use System Restore to go back to before this happened?

See if there is a copy of rundll32.exe in the i386 folder. If so, copy it to the system32 folder.

You did not mention what the virus was and where it was found. Depending on the severity of the virus, and on the damage it did, it may not be Norton's fault, so you may be looking at at a Factory Restore or a reformat/reinstall of Windows. CD's can be ordered from Dell. https://support.dell.com/support/topics/global.aspx/support/dellcare/en/backupcd_form
Link for instructions for factory restore or reformatting XP and VISTA:  http://tinyurl.com/5j2b62

 

Hi,

   Thanks for the reply. Yes, i wish i had posted sooner, i will certainly know better next time.

I did pay for Norton and contacted them, but basically they stated that Norton prevents intrusions and the virus was already present, so to contact the vendor.

Could not find the i386 folder to check for a copy.

The virus was Smitfraud, initially picked up by Spybot, but could not get rid of it. Also tried zasuite.

I did go into safe mode and try restoring the last working setup prior to loading Norton.  Hope to avoid losing all the data, itunes, phots etc by restore/reformat of Windows if possible.

Regards

Gary

Apologies, was looking in System32 folder for i386. Found the folder and the rundll32.exe file is there, but the icon is not showing as an executable programme, just looks like a file, unlike RUNAS.EXE for example.  Saved the existing rundll32.exe into my documents and copied/pasted the rundll32.exe from i386 into system32. Restarted same problem exists.

Regards

Gary

they stated that Norton prevents intrusions and the virus was already present, so to contact the vendor.

I guess I'm not understanding the sequence here. What "vendor" are you supposed to contact if it's not Symantec - the vendor of the anit-virus that you were using before Norton (assuming you had a paid version realtime AV running, of course)? 

I have a feeling that Spybot may have picked up Smitfraud, but there was more on there than just that. Many infections are bundled with others, so that may have been the case, but Spybot's database did not include the others.  There is a new virus that, when cleaned, will turn your computer into a "doorstop". There is another that has been showing up a lot lately. It is a polymorphic file infector that is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair.  Currently, not all scanners are capable of finding this, and I doubt that Spybot can handle it.

If I were you, I would order the operating system CD and reformat/reinstall. That way, you will know that there is nothing nasty lurking in there.

I asked Norton which "vendor" to contact. As the OS came preloaded they recommended to contact Dell rather than Microsoft. You are correct about the virus, there were many infections which did affect the screensaver and executable files. Looks like i need to order the OS CD. I had a look at the link you provided, unfortunately my serial number is not recognised. I purchased the system when living in the Netherlands and we now live in Oman, just to complicate things further, any tips ?

Thanks for all your advise

Regards

Gary

Perhaps Symantec was implying that you should contact Dell On-Call paid support. You have saved yourself some money because they would have told you the same thing we did. It appears from your description that you had one of the infections that I suspected. When the infection creates infected files, it also creates non-functional files that are corrupted beyond repair. In many cases the infected files cannot be disinfected properly because the malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterward.

I suggest first trying to contact Dell Customer Support to see if they can access your account and assist you in purchasing an XP CD. If they cannot help you obtain a CD, please post back here. I'll see if we can have a Dell Liaison take a look at this topic in order to steer you in the right direction.

Thanks for the advice. I agree with your assessment completely. I will try and obtain an XP CD and get back to you here if i have problems.

Regards

gary