Windll32.exe Virus

Discussion in 'Malware Help (A Specialist Will Reply)' started by geekette431, Jul 11, 2006.

  1. geekette431

    geekette431 Private E-2

    I think I've got a virus operating through windll32.exe. Despite nothing showing up on virus scans, my computer seems less buggier, faster, and the amount of hacks decreases when I disable windll32.exe. I also have two parallel windll32.exe processes running at the same time, and it seems that they're both running the same processes, but I might be wrong.
    I also get these spam messages, that appear to be coming from Windows itself, occasionally when I connect to the internet: "Your machine has 32 errors in the registration. Go to fixregistry.com to fix them." and all sorts of variation on this.
    I'm wondering what is it and how can I fix it?
     
    geekette431, Jul 11, 2006
    #1
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Which Windows version and Service Pack do you have? if its XP and only upto Service Pack 1 then a possible for the popup messages that look like windows own alerts is that you have the messenger service running ( this is nothing to do with MSN messenger but a network alert used by network admins, but exploited by spam and scammers )

    to turn if off if you have XP, then you have three routes;

    1. Install SP2 as that by default turns the messenger service off.
    2. Goto Control panel > Administrative tools > Services > look for Messenger and right click, choose properties, then Stop the service and inthe Startup Type drop down box choose Disabled.
    3. Run this nice small application http://www.majorgeeks.com/Shoot_The_Messenger_d3703.html as this will stop the messenger service for you.


    as to windll32.exe it seems you may have this
    http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.l.html


    Do please run thought this guide as you may have more infections than just this one,


    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.


    After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis


    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
    • Bitdefender
    • Panda Scan
    • HijackThis
     
    DavidGP, Jul 11, 2006
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds