wsnpoem directory: audio.dll, video.dll

Darktan2112 · Apr 30, 2009

Hey friends.

The skinny: Since about April 13th, My computer will not load its desktop or the start menu. I can only reach the explorer by running it in the task manager; however, most of the programs won't work, because an error message tells me that I do not have permission to access them. Accessing them in safe mode gets more of the programs to work, but many of them still won't. The internet browser says that it cannot connect to the internet (I'm running this website on another computer). Spybot consistently comes up with a directory called "wsnpoem" in the WINDOWS folder, containing "Audio.dll" and "Video.dll", which cannot be deleted.

I don't have any programs on my computer that will produce a log file, except HijackThis.

How do I beat this?
Thanks.
~Benjamin

Corporal Punishment · May 2, 2009

Can you download the programs to a cd/thumb drive on anoher computer and run them in safe mode on yours?

If not try this. Boot off your windows cd and get to the command prompt.

type:
Code:
ren c:\windows\wsnpoem c:\windows\wsnpoemold
hit return.

Then see if you can boot up.

Darktan2112 · May 12, 2009

Could you explain that again? I think I know what my boot CD is, but I'm not sure.

I downloaded SAS, Combo, BAM, and MGTools from a CD, but SAS and Combo had problems.

SAS said "The System Administrator has set policies to prevent this installation". I went to "http://www.superantispyware.com/supportfaqdisplay.html?faq=50" to try to fix it, but I don't know how to reach the "Group Policy Editor."

Combo said "!!Alert!! It is not safe to continue. The contents of the ComboFix package has been compromised. Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix for instructions. Note: You may be infected with a file patching virus (Virut)."

(Irrelevant, but I must point out the typo - the contents of the combofix package HAVE been compromised.)

MBAM executed successfully, and it found some issues. I cleaned them until MBAM had no more issues to report.

MGTools executed successfully, and I have a log on the computer.

TimW · May 15, 2009

IMPORTANT NOTE: Some if not many, of your Windows system files are infected. And many other non-Windows files could also be infected. Even if we attempt to fix these problems (which may not be easy to do unless you have an original Windows XP SP3 bootable CD), your system may be unreliable and untrustworthy.You may need to reinstall this system.

Your logs show that your Windows Operating system files have become infected and there is no known reliable fix for this. In addition there are many many other infected files. We could spend a lot of time trying to remove this infection, but odds are that it will not work because the nature of the infection has so many executable system files infected that as soon as we fix one file, other files that are infected will almost immediately or upon the next reboot, just reinfect the files. In addition, your PC would still basically be unreliable/untrustworthy even if we manage to fix the infected files that we can see since there could be many more that we are not seeing.

The safest thing for you to do is backup your personal data immediately since your PC could possible become unbootable at any point in time. Do not back up any executable files. This includes programs that you have downloaded since any of them could be infected.

Once you backup, you need to perform a total reinstall of Windows and all other necessary software. DO NOT reinstall from any executable files you backed up because they are most likely infected.

Log in or Sign up

wsnpoem directory: audio.dll, video.dll

Darktan2112 Private E-2

Corporal Punishment Head of Software Shenanigans Staff Member

Darktan2112 Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member