Windows startup problem

Druga Runda

Well, after being up for a few days, and having some viruses in the meantime (captured by AVG straight away), I am getting this message on startup.

Typical Windows error message:

Cannot find the file rundll23.exe(or one of its components).Make sure that the path and filename are correct and that all required libraries are available.

and I have uninstalled Rage3D tweak in the meantime...

btw it's Windows 2000 SP4.

And yes, it's rundll23, not 32...

I could post the image, but have nowhere to upload it. The error is on startup and it seems that it doesn't affect anything as far as I can tell. Any ideas how to find out what it is and get rid of at least the error message, if nothing else?

* googling on that filename brings nothing; probably all errors were people referring to rundll32.

edit: I found the file with the same name in my windows\system32 folder?!? And I am running Windows 2000 - when I think of it, why does a windows folder exist? I haven't installed WinXP or Win9x on that PC before.

ummm...
I have only that system32 folder there underneath the windows folder, and a few more apps and a few files in that folder besides rundll23.exe.

Those are DriverNetC.exe; run.exe; winsock.exe

and I had this text file in the folder called elicomp.txt:

2004.04.20 01:52 Remote Administrator server is started
2004.04.21 22:20 Remote Administrator server is started
2004.04.21 22:20 Remote Administrator server is started
2004.04.21 22:20 bind_socket fails
2004.04.21 22:22 Remote Administrator server is started
2004.04.21 22:23 Remote Administrator server is started
2004.04.21 22:23 bind_socket fails
2004.04.21 22:28 Remote Administrator server is started
2004.04.21 22:28 Remote Administrator server is started
2004.04.21 22:28 bind_socket fails
2004.04.21 22:32 Remote Administrator server is started
2004.04.21 22:32 Remote Administrator server is started
2004.04.21 22:32 bind_socket fails
2004.04.21 22:35 Remote Administrator server is started
2004.04.21 22:35 Remote Administrator server is started
2004.04.21 22:35 bind_socket fails

ummmm
Well, I have three objectives:
1. find out that nothing is broken
2. get rid of the startup error message
3. if possible, find out what this file does - virus or what?
4. someone trying to hack me... btw I have a software and hardware firewall to that effect, with ports open for a few P2P apps.

Help :!: :)


*** OK, it is probably an attempted hack... I remember trying to install a file that pretended to be eMule... and well, I can see two of those .exe files trying to get out on the net; that drivernetc.exe and winsock.exe, but blocked by my software firewall... meh... (and loaded on Windows startup...)

How do I delete all that stuff? :)

OK, there is more.

ASPNET user account... it's in the group Users... (i.e. new computer account, meh)

- found what it is
What is this new user account for? What created it?

The aspnet_wp or ASP.NET Machine Account is created when the Microsoft .NET Framework 1.1 is installed onto a Windows XP computer. The user is created for the ASP.NET worker process used in Microsoft's Internet Information Services to fully support ASP.NET on your web server (this is pretty much its only use; it is not used to run normal .NET managed executables). There is no need to worry about this user's presence; it was not created in a malicious way.

ASP.NET is a programming framework built on the common language runtime (Microsoft .NET Framework) that can be used on a server to build powerful Web applications. For more information on ASP.NET see here

However, I don't remember installing the .NET Framework on my PC??? in the last 2-3 months since the reformat - but you never know :). Is it just a Windows XP thing? Anyone know? Should I delete it, or not?

OK, edit one more time.

When trying to remove that windows folder (that was, by the way, created on the 20th of April), I get "admdll.dll is in use"... now that doesn't sound nice... as well as the above mentioned files... well, killed them all and well, deleted... now we will see what happens next. There must be some registry entries as well, but I guess they can't do anything without the files...

To add the last... just checked the AVG log - yes, 20th of April virus infection - Backdoor.R3C.H and Backdoor.R3C.F apparently healed OK, but why did it leave the other files to load?
ahhh **** here is some info finally:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.r3c.b.html
but that is the B version...

The Trojan can do any of the following:

* Deliver system and network information to the hacker
* Modify system configurations
* Open/close the CD-ROM drive tray
* Restart/close Windows
* Execute/copy/delete/rename files

and I have not seen that registry entry mentioned there in my registry.

How do I delete all the stuff this virus spread?
Ideas, if someone here has had experience with this new one, please...

* and the last - reading a little, it seems that the virus somehow misdiagnosed me as WinXP? What other reason would it have to copy itself, or to create a windows folder on my machine??? Meh, those later versions are a bit different, I guess.

And last, ran AVG in safe mode as well, and well, no viruses reported... It seems that I just need to get rid of that startup error message...

edit: to add again, I have run System Mechanic (30-day free trial version) and it has cleaned my registry etc...

but there is one more instance of this rundll23 in my registry, in the key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\Currentversion\Winlogon

key called shell
type REG_SZ
data: Explorer.exe and this rundll23.exe

This must be starting this error message as I guess it's trying to locate the file.
OK, I assume I should not delete the whole key, and assume that taking the value out from the data field should kill this popup error - correct?

I think I'll do it now, as it's late and I am annoyed to the max with wasting this evening on this virus...

Well, back up and delete the value...
 
Conclusion

Well, success :) so far.

The startup message is gone and it looks like I've cleaned up everything.

Well, overall annoying as any infection, but I am glad as it seems that it's sorted out :) :) :)
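The persistence the post ends up finding is a second program appended to the Winlogon Shell value (under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon), and the "Cannot find the file" popup is exactly what a dangling entry produces once the dropped file is gone. The following is an added example, not code from the post or from any tool named in it: it parses a Shell value offline, flags anything beyond the stock explorer.exe, and reports which entries no longer exist on disk; the sample value and the `exists` lookup are constructed for this illustration.

```python
import os
from dataclasses import dataclass

DEFAULT_SHELL = {"explorer.exe"}  # only entry a stock Windows 2000/XP install has

@dataclass
class ShellEntry:
    command: str    # the entry exactly as it appears in the value
    program: str    # executable it launches (quotes stripped, arguments dropped)
    expected: bool  # True only for the stock explorer.exe entry
    on_disk: bool   # False means Winlogon will raise "Cannot find the file ..."

def split_shell_value(value: str) -> list[str]:
    """Split the comma-separated Shell value, honouring double-quoted paths."""
    entries, current, quoted = [], [], False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            entries.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    entries.append("".join(current).strip())
    return [e for e in entries if e]

def program_of(command: str) -> str:
    # Executable part of one entry: the quoted path, else the first token.
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0]

def basename_lower(path: str) -> str:
    return os.path.basename(path.replace("\\", "/")).lower()

def audit_shell_value(value: str, exists) -> list[ShellEntry]:
    """exists(program) -> bool abstracts the disk lookup so this runs offline."""
    report = []
    for cmd in split_shell_value(value):
        prog = program_of(cmd)
        report.append(ShellEntry(cmd, prog, basename_lower(prog) in DEFAULT_SHELL, exists(prog)))
    return report

def suspicious(report: list[ShellEntry]) -> list[str]:
    # Entries a defender should remove: anything beyond the stock shell.
    return [e.command for e in report if not e.expected]

# Constructed sample mirroring the post: value after infection, dropped file already deleted.
SAMPLE_VALUE = "Explorer.exe, rundll23.exe"
SAMPLE_DISK = {"explorer.exe"}  # constructed view of what is still on disk
sample_exists = lambda program: basename_lower(program) in SAMPLE_DISK
```

On a real host, replace `sample_exists` with a lookup that resolves the program against the system directories Winlogon searches, and read the value from the registry instead of the constant.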