RESTORE ERROR

NightShift DJ

AFTER AN ATTACK BY A TROJAN, WHEN I ATTEMPT TO RESTORE THE FOLLOWING ERROR IS
SEEN:

RUNDLL
AN EXCEPTION OCCURED WHILE TRYING TO RUN
C:\WINDOWS\System32\Shell32.dll Control_Run DLL
C:\WINDOWS\System32\sysdm.cpl",System"

Help how to fix?
 
Ken Blake, MVP

On Wed, 28 Jan 2009 00:20:01 -0800, NightShift DJ <NightShift
AFTER AN ATTACK BY A TROJAN, WHEN I ATTEMPT TO RESTORE THE FOLLOWING ERROR IS
SEEN:

RUNDLL
AN EXCEPTION OCCURED WHILE TRYING TO RUN
C:\WINDOWS\System32\Shell32.dll Control_Run DLL
C:\WINDOWS\System32\sysdm.cpl",System"

Help how to fix?


Please don't yell at us. We can hear you if you type normally, in mixed
case.

What Trojan? How did you know you had it? How did you attempt to fix
it? What does "ATTEMPT TO RESTORE" mean? Were you trying to use System
Restore to get rid of the Trojan? If so, be aware that it's *highly*
unlikely that that could solve your problem.

What anti-virus and anti-spyware software do you run?
 
Mick Murphy

Scan with these 2 programs:

http://www.spybot.info/en/index.html

Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
Download, install, update, and immunize your System with it.
Then SCAN with it.
Update it, and scan your System once a fortnight.

http://www.malwarebytes.org/mbam.php

Malwarebytes is, as the name says, a Malware Remover!
For the Free version scroll down their page to either download from
Download.com, or Major Geeks.com

Download, install, and update.

Important re: Safe Mode
If you happen to find a problem that you can’t uninstall / delete, reboot
the computer, and go into Safe Mode.
To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow
key to get to Safe Mode from list of options, then hit ENTER.
RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D
while in Safe Mode.

If unable to install above Programs in Normal Mode:
Sometimes Trojans, Viruses, Malware, etc stop you installing and/or updating
Programs to remove them.
If that happens, reboot into Safe Mode with Networking (from F8 list of
Startup Options), and install, update and scan from there.
 
NightShift DJ

Sorry Ken,

I didn't mean to yell. Was tired when I wrote and left caps on.

I did use malware remover I got from GeneralGeeks.cm to remove the Trojan.

Whenever I'm attacked and it gets past my Trend Micro, I always do a
restore to a few days before the problem. This time I tried and the error
message that popped up was the RUNDLL.

So that is where I sit. Unable to run or access restore and now my computer
is going through the motions of cycling through the drives, and the light
comes on my floppy drive and I can hear it momentarily try to read, when there
is no disc inserted. It has done this several times while I've been typing
this.

Not being able to access the Restore feature has me worried to the point that
I may have to start from square one and re-install my Windows to solve the
problem that it has caused.

Is there a way to re-install my Windows without losing everything else?

Your insight and help is welcome.

Mike
 
Elmo

NightShift said:
Sorry Ken,

I didn't mean to yell, was tired when I wrote and left caps on.

I did use malware remover I got from GeneralGeekZ.Zm to remove the Trojan.

Whenever I'm attacked and it gets past my Trend Micro, I always do a
restore to a few days before the problem. This time I tried and the error
message that popPed up was the RUNDLL.

GeneralGeekZ.Zm is a malicious site. (I munged the name of the site.)
You should have gone to malwarebytes.org

To get some control of the machine, press Ctrl/Alt-Delete and stop any
rundll or rundll32 operation.. maybe other operations too, till you can
download, install, update and run Malwarebytes.
 
Patrick Keenan

NightShift DJ said:
Sorry Ken,

I didn't mean to yell. Was tired when I wrote and left caps on.

I did use malware remover I got from GeneralGeeks.cm to remove the Trojan.

Whenever I'm attacked and it gets past my Trend Micro, I always do a
restore to a few days before the problem. This time I tried and the error
message that popped up was the RUNDLL.

System Restore is not intended for this purpose and won't do the job of
malware removal.

Just as it doesn't remove your data, it won't remove malicious files that
have been copied to disk. It may remove launcher references, but the files
remain.

In addition, it's pretty common for malware to infect restore points.

So that is where I sit. Unable to run or access restore and now my computer
is going through the motions of cycling through the drives, and the light
comes on my floppy drive and I can hear it momentarily try to read, when there
is no disc inserted. It has done this several times while I've been typing
this.

Not being able to access the Restore feature has me worried to the point that
I may have to start from square one and re-install my Windows to solve the
problem that it has caused.

Is there a way to re-install my Windows without losing everything else?

I would personally start with clearing out the temp and temporary internet
files folders, perhaps while the drive is attached to another system (this
prevents malware from being protected by virtue of being running) and then
scanning it with an up-to-date AV install. Then put the drive back, and
run HiJackThis.

HTH
-pk
 
NightShift DJ

I meant to say Major Geeks. Also, I do have Malwarebytes and I already took
care of the Trojan. Now my computer will not allow me to run or access the
restore and am also showing problems with boot up; it takes two or three
times before it works.

So, is there any way I can reinstall my Windows OEM without losing my current
settings and other programs?
 
Patrick Keenan

NightShift DJ said:
I meant to say Major Geeks. Also, I do have Malwarebytes and I already took
care of the Trojan. Now my computer will not allow me to run or access the
restore and am also showing problems with boot up; it takes two or three
times before it works.

So, is there any way I can reinstall my Windows OEM without losing my current
settings and other programs?

The only way to do that is to do a repair install, or possibly with sfc
/scannow.

The problem with a repair install is that it uses most if not all of the
existing registry, and if the problem is in the registry, it is not fixed.

HTH
-pk
 
NightShift DJ

Already ran Hijack.
Already cleaned out temp files.
Still having the RUNDLL message pop up when I try to gain access to restore.
Also, I am now having probs with starting up computer; takes two, three times
before it works.

I am under the assumption that my Windows has been damaged to the point that I
will have to re-install it.
 
Elmo

NightShift said:
I meant to say major geeks. Also, I do have malwarebytes and I already took
care of the Trojan. Now my computer will not allow me to run or access the
restore and am also showing problems with boot up, it takes two or three
times before it works.

So, is there any way I can reinstall my Windows oem without losing my current
settings and other programs?

Most antimalware software, maybe including malwarebytes, will delete any
restore point that's infected. The malware will destroy all restore
points so you can't easily restore out of trouble. Here're a couple of
links with more SR help:

System Restore fails to restore:
http://bertk.mvps.org/html/srfail.html

See "Troubleshooting System Restore in Windows XP"
(http://support.microsoft.com/?kbid=302796).

If you mean "restore the system" rather than "use system restore",
here's what I would do, if the OEM CD only has a destructive repair:

Use a BartPE or Linux/Knoppix CD to copy all needed data to a thumb
drive, or some other backup media. You won't be able to salvage
software, unless you still have the install executables stored
somewhere. You could also slave the hd to another computer and save the
data to that system temporarily.

hth,
 
