Virus Gone... Now what?

Needy

I recently ridded myself of a massive virus, but still have some lingering
issues:

1). I receive the following error messages at start-up

a). "Error loading C:\WINDOWS\system32\ijlfsdqr.dll"
b). "Error loading C:\WINDOWS\system32\mqwqbftp.dll"

I don't know if I need these, but I'd like to use them or delete (I don't
know how to do either option).

2). When viewing my startup application through msconfig, I've found some
suspect exe. I've searched but have been unable to locate how a clean (like
new) startup should appear. After my nightmare, I could care less about
automatically opening anything.

As usual, thanks in advance for any and all assistance...
 
David H. Lipman

From: "Needy"

| I recently ridded myself of a massive virus, but still have some lingering
| issues:
|
| 1). I receive the following error messages at start-up
|
| a). "Error loading C:\WINDOWS\system32\ijlfsdqr.dll"
| b). "Error loading C:\WINDOWS\system32\mqwqbftp.dll"
|
| I don't know if I need these, but I'd like to use them or delete (I don't
| know how to do either option).
|
| 2). When viewing my startup application through msconfig, I've found some
| suspect exe. I've searched but have been unable to locate how a clean (like
| new) startup should appear. After my nightmare, I could care less about
| automatically opening anything.
|
| As usual, thanks in advance for any and all assistance...



Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

Create a HJT log file and post it in one of the below locations...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.malwarebytes.org/forums/index.php?showforum=7
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13
 
Nepatsfan

Needy said:
I recently ridded myself of a massive virus, but still have some lingering
issues:

1). I receive the following error messages at start-up

a). "Error loading C:\WINDOWS\system32\ijlfsdqr.dll"
b). "Error loading C:\WINDOWS\system32\mqwqbftp.dll"

I don't know if I need these, but I'd like to use them or delete (I don't
know how to do either option).

2). When viewing my startup application through msconfig, I've found some
suspect exe. I've searched but have been unable to locate how a clean (like
new) startup should appear. After my nightmare, I could care less about
automatically opening anything.

As usual, thanks in advance for any and all assistance...


1.) This is usually what happens when your antivirus program deletes the file
but doesn't clean up the mechanism that launches it at startup. Here's a program
from Microsoft that will help you stop the error messages.

AutoRuns for Windows v9.13
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

Once you've downloaded and extracted the files, run autoruns.exe. Look on the
Everything tab for an entry that lists ijlfsdqr.dll in the Image path column.
Right click on that entry and select Search Online from the menu. Odds are that
you'll come up with an empty search. This pretty much confirms that it was some
type of malware that your scan deleted. Uncheck the item. Do the same for
mqwqbftp.dll. Restart your computer. If you no longer see the error message, you
can go back and delete the entries in Autoruns.

2.) You can click on the Logon tab to get essentially the same information you
get through msconfig. Once again, you can right click on each item and do an
online search to see what's available on the net with regard to that entry. That
said, it's an unfortunate reality that if you're looking for a clean startup,
the only real way to achieve that is to flatten and rebuild.

Good luck

Nepatsfan
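
The situation described in the post above (the file is deleted, but the entry that launches it at startup remains) can be checked mechanically. This is an added example, not part of the original post and not Autoruns' own logic; it assumes the DLLs were launched through rundll32.exe from Run-key style entries, and the entry names, export names and the file list are constructed.

```python
import ntpath
import re

# Constructed sample of Run-key style entries (name, launch command). The two
# DLL paths are the ones from the error messages in this thread; entry names,
# the ",a"/",b" export names and the other two commands are made up.
SAMPLE_ENTRIES = [
    ("entry1", r'rundll32.exe "C:\WINDOWS\system32\ijlfsdqr.dll",a'),
    ("entry2", r'rundll32.exe C:\WINDOWS\system32\mqwqbftp.dll,b'),
    ("ctfmon", r'C:\WINDOWS\system32\ctfmon.exe'),
    ("updater", r'"C:\Program Files\Example\updater.exe" /background'),
]
# Constructed stand-in for the disk: files that still exist after the scan.
SAMPLE_FILES = {r"c:\windows\system32\ctfmon.exe",
                r"c:\program files\example\updater.exe"}

# A leading path: either quoted, or unquoted up to a known file extension.
_PATH = re.compile(
    r'\s*(?:"([^"]+)"|(.+?\.(?:exe|dll|com|bat|cmd|scr))(?=[\s,]|$))(.*)',
    re.I | re.S)

def take_path(text):
    """Split a leading (optionally quoted) file path off a command line."""
    m = _PATH.match(text)
    return (m.group(1) or m.group(2), m.group(3)) if m else (None, text)

def launch_target(command):
    """File the entry depends on: the DLL for rundll32, else the program."""
    program, rest = take_path(command)
    if program and ntpath.basename(program).lower() == "rundll32.exe":
        dll, _ = take_path(rest)
        return dll or program
    return program

def orphaned_entries(entries, exists):
    """Entries whose target is gone, i.e. the launch point outlived the file."""
    orphans = []
    for name, command in entries:
        target = launch_target(command)
        # Bare names are resolved through the search path; only check full paths.
        if target and ntpath.isabs(target) and not exists(target):
            orphans.append((name, target))
    return orphans

def sample_exists(path):
    return ntpath.normcase(path) in SAMPLE_FILES

if __name__ == "__main__":
    for name, target in orphaned_entries(SAMPLE_ENTRIES, sample_exists):
        print(f"{name}: launch point remains, file missing: {target}")
```

On a live Windows system, `os.path.exists` can be passed as `exists` with entries read from the startup locations. An orphaned entry only shows that its file is gone; it says nothing about whether other malicious files remain.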
 
David H. Lipman

From: "Nepatsfan"


|
| 1.) This is usually what happens when your antivirus program deletes the file
| but doesn't clean up the mechanism that launches it at startup. Here's a program
| from Microsoft that will help you stop the error messages.
|
| AutoRuns for Windows v9.13
| http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
|
| Once you've downloaded and extracted the files, run autoruns.exe. Look on the
| Everything tab for an entry that lists ijlfsdqr.dll in the Image path column.
| Right click on that entry and select Search Online from the menu. Odds are that
| you'll come up with an empty search. This pretty much confirms that it was some
| type of malware that your scan deleted. Uncheck the item. Do the same for
| mqwqbftp.dll. Restart your computer. If you no longer see the error message, you
| can go back and delete the entries in Autoruns.
|
| 2.) You can click on the Logon tab to get essentially the same information you
| get through msconfig. Once again, you can right click on each item and do an
| online search to see what's available on the net with regard to that entry. That
| said, it's an unfortunate reality that if you're looking for a clean startup,
| the only real way to achieve that is to flatten and rebuild.
|
| Good luck
|
| Nepatsfan
|

I'm not sure the OP is completely clean. :-(
 
Needy

Man, I was so hesitant to download anything from anywhere but I did some
research on your tool, crossed my fingers, and gave it a shot (call me a
glutton for punishment). Wow! It seems to live up to its billing. Although I
haven't deleted anything yet, I unchecked all kinds of crap.

My .dll error messages are gone from start-up and my shaken peace of mind
has been restored regarding those pesky exe's. I was also amazed by how many
programs are started automatically --- But not for me, not anymore.

Thanks again to all responders....
 
David H. Lipman

From: "Needy"

| Man, I was so hesitant to download anything from anywhere but I did some
| research on your tool, crossed my fingers, and gave it a shot (call me a
| glutton for punishment). Wow! It seems to live up to its billing. Although I
| haven't deleted anything yet, I unchecked all kinds of crap.
|
| My .dll error messages are gone from start-up and my shaken peace of mind
| has been restored regarding those pesky exe's. I was also amazed by how many
| programs are started automatically --- But not for me, not anymore.
|
| Thanks again to all responders....
|

As I stated, I am NOT sure you are clean.

Your unnamed antivirus may have found some Trojans but may have also missed more!
 
