Sysinfo.dll, Sysinfo2.dll and Rundll Error Message

bch

Hi,
Right after I installed AVG Free, the AV software detected that
\Windows\system32\Sysinfo.dll was infected by "Trojan horse PSW. Generic 4
HOS". How can I restore a clean one back on it?
When I scanned the computer, "Sysinfo2.dll" was found infected in the root
directory of all drives too, and was then deleted by the AV software.
After 'sysinfo2.dll' was deleted, I am unable to open the drives
from the Explorer. It shows a rundll error message "Error loading
\sysInfo2.dll. The specified module could not be found." How can I restore
sysinfo2.dll too?
Thanks!
 
Elmo

bch said:
Hi,
Right after I installed AVG Free, the AV software detected that
\Windows\system32\Sysinfo.dll was infected by "Trojan horse PSW. Generic 4
HOS". How can I restore a clean one back on it?
When I scanned the computer, "Sysinfo2.dll" was found infected in the root
directory of all drives too, and was then deleted by the AV software.
After 'sysinfo2.dll' was deleted, I am unable to open the drives
from the Explorer. It shows a rundll error message "Error loading
\sysInfo2.dll. The specified module could not be found." How can I restore
sysinfo2.dll too?
Thanks!

SysInfo.dll and SysInfo2.dll are not XP files. Your AV software deleted
the malware, but didn't remove the references to the files in the
Registry, so they're still called when Explorer.exe is called. That's
because the malware was added to legitimate registry entries:

%SystemRoot%\Explorer.exe (or C:\Windows\Explorer)

was changed to

%SystemRoot%\Explorer.exe Sysinfo2.dll

for example.

Click Start, Run, type REGEDIT, click OK. Press the Home key, press F3,
type the name of the file into the search pane. Click "Find Next", and
when located, study the reference to the file. If it reads

%SystemRoot%\Explorer.exe Sysinfo2.dll

then double-click the entry's Name to modify (or right-click the entry's
Name, click Modify), and edit the added filename so it reads:

%SystemRoot%\Explorer.exe

Press Enter to accept the change, then press F3 to continue the search.

You can click File, Export, and save the entry to the Desktop. If you
remove it and there's a problem, double-click the .reg file you exported
to the Desktop and it'll be added to the registry again. You can create
a restore point before editing the registry too.

If you find a reference to the file not attached to Explorer.exe or
other system files, you can probably just delete the entry, press F3 to
continue the search.

If you have any doubts about making a change, please post the contents
and get an opinion before making the changes.

hth,
 
bch

Thanks! Are SysInfo.dll and Sysinfo.dll WinME files? I found some registry
entries read as "RunDll32.exe .\SysInfo2.Dll,MyFun". If not, I can just edit
it simply as "RunDll32.exe "?
 
Elmo

bch said:
Thanks! Are SysInfo.dll and Sysinfo.dll WinME files? I found some registry
entries read as "RunDll32.exe .\SysInfo2.Dll,MyFun". If not, I can just edit
it simply as "RunDll32.exe "?

These threads suggest they're not standard files.

http://groups.google.com/groups/search?q=SysInfo.Dll&qt_s=Search
http://groups.google.com/groups/search?q=SysInfo2.Dll&qt_s=Search

What entry includes SysInfo2.dll? It's possible you'll need to insert
another .dll where that one now exists. Right-click the (open folder
icon) Key in the l-h pane, click Copy Key Name, then paste it in a
reply. It's possible it will need to be repaired, or the whole key may
need to be deleted.
 
aimee80

These threads suggest they're not standard files.
http://groups.google.com/groups/sea....com/groups/search?q=SysInfo2.Dll&qt_s=Search

What entry includes SysInfo2.dll? It's possible you'll need to insert
another .dll where that one now exists. Right-click the (open folder
icon) Key in the l-h pane, click Copy Key Name, then paste it in a
reply. It's possible it will need to be repaired, or the whole key may
need to be deleted.



Hi, I am Aimee.
I do have the same problem as bch.
So this is the Key Name of my "RunDll32.exe .\SysInfo2.Dll,MyFun"
".\SysInfo2.Dll,MyFun"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ffcdd11e-80e8-11dc-a331-806d6172696f}\Shell\1\Command"

I'm not sure what to do now.. rename it? delete it? and how?

thanks
 
Elmo

Part of previous thread, to which you're referring:

Right after I installed AVG Free, the AV software detected that
\Windows\system32\Sysinfo.dll was infected by "Trojan horse PSW. Generic
4 HOS". How can I restore a clean one back on it?
When I scanned the computer, "Sysinfo2.dll" was found infected in the root
directory of all drives too, and was then deleted by the AV software.
After 'sysinfo2.dll' was deleted, I am unable to open the
drives from the Explorer. It shows a rundll error message "Error loading
\sysInfo2.dll. The specified module could not be found." How can I
restore sysinfo2.dll too?
Hi, I am Aimee.
I do have the same problem as bch.
So this is the Key Name of my "RunDll32.exe .\SysInfo2.Dll,MyFun"
".\SysInfo2.Dll,MyFun"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ffcdd11e-80e8-11dc-a331-806d6172696f}\Shell\1\Command"

I'm not sure what to do now.. rename it? delete it? and how?

thanks

Dunno for sure.. It looks like RunDll32.exe is attempting to run
SysInfo2.Dll and that it's an extra entry that could easily be deleted
from the registry. Since it's not part of the Explorer shell entry, it
should be safe to delete it. No part of it looks like it belongs there.

Are you getting the same error message? BCH never showed his entries,
and possibly just deleted the entries. Editing it to read
"Rundll32.exe", as he supposed, wouldn't be smart; nothing would be
executed by Rundll32 and there might be an error message, or still no
access to explore drives.

Use System Restore to make a restore point, then delete any entries that
mention the two files. If there's a problem with a restart, using the
"Last good configuration" option should get you back where you left off.

hth,
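
Added example, not part of the thread or any poster's code: a Python sketch that scans the text of a regedit export (the File, Export step mentioned earlier) for string values referencing SysInfo.dll or SysInfo2.dll, and applies the rule given in the two answers above: a reference appended to an Explorer.exe entry is edited back, any other reference is deleted. The key `ExamplePlaceholderKey`, the value names and the sample export are constructed; only plain string values are parsed.

```python
import re

# Thread's file names; optional ".\" prefix and ",Export" suffix (".\SysInfo2.Dll,MyFun").
BAD_DLL = re.compile(r'(?<![\w.])(?:\.\\)?sysinfo2?\.dll(?:,\w+)?', re.I)
# "name"="data" or @="data" lines; other value types (hex:, dword:) are skipped.
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg exports write backslash and double quote with a leading backslash.
    return re.sub(r'\\(.)', r'\1', s)

def scan_reg_export(text):
    """Return (key, value_name, data, action, proposed_data) per reference."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE.match(line)
        if key is None or not m:
            continue
        name = '(Default)' if m.group(1) == '@' else unescape(m.group(1)[1:-1])
        data = unescape(m.group(2))
        if not BAD_DLL.search(data):
            continue
        rest = BAD_DLL.sub('', data).strip()
        if re.search(r'explorer(\.exe)?$', rest, re.I):  # appended to Explorer entry
            findings.append((key, name, data, 'edit', rest))
        else:  # nothing legitimate left (e.g. a bare RunDll32.exe)
            findings.append((key, name, data, 'delete', None))
    return findings

# Constructed sample export. ExamplePlaceholderKey and the value names are
# placeholders; the MountPoints2 key is the one quoted in the thread.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExamplePlaceholderKey]
"ExampleValue"="%SystemRoot%\\Explorer.exe Sysinfo2.dll"
"Unrelated"="C:\\Program Files\\App\\app.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ffcdd11e-80e8-11dc-a331-806d6172696f}\Shell\1\Command]
@="RunDll32.exe .\\SysInfo2.Dll,MyFun"
'''

if __name__ == '__main__':
    for key, name, data, action, proposed in scan_reg_export(SAMPLE):
        print(f'{action.upper():6} [{key}] {name} = {data!r} -> {proposed!r}')
```

A real "Windows Registry Editor Version 5.00" export is UTF-16 text, so read it with `open(path, encoding='utf-16')` before passing its contents to `scan_reg_export`.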
 
aimee80

Part of previous thread, to which you're referring:

Right after I installed AVG Free, the AV software detected that
\Windows\system32\Sysinfo.dll was infected by "Trojan horse PSW. Generic
4 HOS". How can I restore a clean one back on it?
When I scanned the computer, "Sysinfo2.dll" was found infected in the root
directory of all drives too, and was then deleted by the AV software.
After 'sysinfo2.dll' was deleted, I am unable to open the
drives from the Explorer. It shows a rundll error message "Error loading
\sysInfo2.dll. The specified module could not be found." How can I
restore sysinfo2.dll too?




Dunno for sure.. It looks like RunDll32.exe is attempting to run
SysInfo2.Dll and that it's an extra entry that could easily be deleted
from the registry. Since it's not part of the Explorer shell entry, it
should be safe to delete it. No part of it looks like it belongs there.

Are you getting the same error message? BCH never showed his entries,
and possibly just deleted the entries. Editing it to read
"Rundll32.exe", as he supposed, wouldn't be smart; nothing would be
executed by Rundll32 and there might be an error message, or still no
access to explore drives.

Use System Restore to make a restore point, then delete any entries that
mention the two files. If there's a problem with a restart, using the
"Last good configuration" option should get you back where you left off.

hth,

Thanks for your answer.
Yes, I have the same error message.
Two days ago, after formatting my hard disk, I reinstalled Win XP. I ran
Norton Antivirus, which detected that \Windows\system32\Sysinfo.dll
was infected by "Trojan horse PSW. Generic 4 HOS".

After that I didn't modify or delete any registry entries or files.
If I right-click on my drive C:\, before "find, open, explore" I have
some strange letters like "aò?(O)".

Anyway, I will try to delete those entries and I'll let you know.
 
