Malware problem that appears to be using DcomLaunch

Dave F.

Hi

I'm running XP SP3.
I use Firefox as default.

I've a bug that launches two or three copies of IE into the services
(they don't immediately appear on screen).

After a few minutes it performs one or more of the following:

Displays adverts in an IE window
Plays an audio advert (not sure how it does that)
Mutes the sound completely.

I've run the latest versions of ad-aware & avast anti virus but with no
luck.

Using Sysinternals Process Explorer I can see the following:
(> represents a child service)

System>smss.exe>csrs.exe>winlogon.exe>services.exe


A child of this is svchost.exe that has the command line of:
C:\WINDOWS\system32\svchost -k DcomLaunch

A child of this is iexplore.exe that has the command line of:
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -Embedding

A child of this is another one or two copies of iexplore.exe with the
command line of:

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:3752
CREDAT:145411 or 145412

Using Sysinternals Autoruns I disabled DcomLaunch & rebooted.
It prevented the problem, but it appears DcomLaunch is essential for
Windows to run.

I've run out of ideas for a solution, so it's over to you. Any ideas?

Hope I've been clear.

Cheers
Dave F.
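
The process tree described in the post above, as an added example that is not part of the original thread: a Python sketch that walks a process snapshot and separates IE instances started through COM activation (descendants of `svchost -k DcomLaunch`, where `-Embedding` is the switch COM passes to a local server) from IE started by the user. The snapshot is constructed; its PIDs, the explorer.exe branch and the function names are assumptions.

```python
# Constructed process snapshot: (pid, parent pid, image name, command line).
# It mirrors the tree in the post; PIDs and the explorer.exe branch are made up.
IE = r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE"'
SNAPSHOT = [
    (4, 0, "System", ""),
    (580, 4, "smss.exe", r"\SystemRoot\System32\smss.exe"),
    (660, 580, "winlogon.exe", "winlogon.exe"),
    (704, 660, "services.exe", r"C:\WINDOWS\system32\services.exe"),
    (880, 704, "svchost.exe", r"C:\WINDOWS\system32\svchost -k DcomLaunch"),
    (3752, 880, "iexplore.exe", IE + " -Embedding"),
    (3900, 3752, "iexplore.exe", IE + " SCODEF:3752 CREDAT:145411"),
    (1500, 1400, "explorer.exe", r"C:\WINDOWS\Explorer.EXE"),  # parent has exited
    (2300, 1500, "iexplore.exe", IE),  # started by the user from the shell
]

def ancestry(pid, procs):
    """Return [(pid, name, cmdline), ...] from pid up to the highest known parent."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:  # 'seen' guards against PID-reuse loops
        seen.add(pid)
        ppid, name, cmd = procs[pid]
        chain.append((pid, name, cmd))
        pid = ppid
    return chain

def com_activated_ie(snapshot):
    """List (pid, role) for every iexplore.exe running under the DcomLaunch svchost."""
    procs = {pid: (ppid, name, cmd) for pid, ppid, name, cmd in snapshot}
    findings = []
    for pid, (_, name, cmd) in procs.items():
        if name.lower() != "iexplore.exe":
            continue
        parents = ancestry(pid, procs)[1:]
        under_dcom = any(n.lower() == "svchost.exe" and "dcomlaunch" in c.lower()
                         for _, n, c in parents)
        if under_dcom:
            # -Embedding marks the COM server itself; the rest are its children
            role = "com-server" if "-embedding" in cmd.lower() else "child"
            findings.append((pid, role))
    return sorted(findings)

if __name__ == "__main__":
    for pid, role in com_activated_ie(SNAPSHOT):
        print(pid, role)
```

The parent chain only identifies the launcher: the program that requested the COM activation is not IE's parent, so the chain stops at `svchost -k DcomLaunch` and does not name it.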
 
PA Bear [MS MVP]

There is a very good chance that you are seeing the effects of a hijackware
infection!

NB: If you had no anti-virus application installed or the subscription had
expired *when the machine first got infected* and/or your subscription has
since expired and/or the machine's not been kept fully-patched at Windows
Update, don't waste your time with any of the below: Format & reinstall
Windows. A Repair Install will NOT help!

Microsoft PCSafety provides home users (only) with no-charge support in
dealing with malware infections such as viruses, spyware (including unwanted
software), and adware.
https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

Also available via the Consumer Security Support home page:
https://consumersecuritysupport.microsoft.com/

Otherwise...

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.

2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)
in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

2b. Vista or Win7 => Run this scan instead:
http://onecare.live.com/site/en-us/center/whatsnew.htm

3. Now post the requested logs in an appropriate forum for assistance by an
expert in such matters. DO NOT SKIP THIS STEP!!

I can recommend the expert assistance offered in these forums:
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://www.spywarewarrior.com/viewforum.php?f=5,
http://www.dslreports.com/forum/cleanup,
http://www.bluetack.co.uk/forums/index.php, and
http://aumha.net/viewforum.php?f=30

If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
 
sgopus

Try the latest version of Malwarebytes; I'm sure it's malware that's causing
the problem.
 