Something quite disturbing happened today with my system and I'd like to post that here, hoping to find some answers. Gladly, I'm pretty sure I got rid of it now.
I think whatever hit me is something that's new; it went undetected through Outpost Firewall, NOD32 and a totally up-to-date WinXP. I searched Google, but with no results.
It started today, when I was booting up my computer. The first thing I noticed was that the quickstart taskbar was absent. I reactivated it and went online to do my daily news browsing.
But something was wrong with the Internet. It was extremely slow, some sites didn't even load, but others did. Firing up Tune-Up Utilities process manager unveiled the evildoer:
Checking out system32 then revealed to me a total of 7 DLLs with what seemed to be randomly generated names:
The timestamp said that they were created yesterday and today. (28th and 29th of June)
They were initialized through rundll32.exe and hooked to every single process that was active at the moment. I got angry and used the Unlocker tool to eradicate all of those things, which resulted in a lot of errors and program crashes, but I managed to delete 4 of the DLLs via cmd after killing off explorer.exe. Trying to unlock one of the remaining DLLs - aaywqjaf.dll - which was still bound to winlogon.exe and lsass.exe made the computer crash completely. After the forced reboot, I changed to Vista and got rid of the final 3 DLLs, which was no problem since they weren't in use now. Now back to WinXP. On booting I got some error messages that rundll32 cannot initiate aaywqjaf.dll and cuikyvrm.dll, and the quickstart bar was gone again. This was because the entries were still in MSCONFIG:
I deactivated the 2 entries and rebooted. And now - bam! - everything seems to be working fine again. Internet is good, quickstart is there, suspicious processes are gone.
But what was it that nefariously attacked me there? I barely remember Outpost Host Protection giving out a warning about rundll32.exe but not doing anything about it, that was yesterday at night and I think it was the time I got attacked. Now I'm looking for answers and/or people that have experienced something similar. If anyone is interested, I made back-ups of the 7 dll files and uploaded them here:
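The manual triage described in the post, as an added example that is not part of the original post: it flags startup commands that load a DLL through rundll32 when that DLL was recently created in system32, and also the orphaned startup entries left behind once the DLL has been deleted. The startup commands, entry names, entry points, the year, and the `exampledrv.dll` and `tray.exe` entries are constructed; only the two DLL names come from the post.

```python
import re
from datetime import datetime, timedelta
from ntpath import basename, normcase  # Windows path rules on any OS

# Matches: [path\]rundll32[.exe] "<dll path>",<entry point>
RUNDLL32 = re.compile(
    r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+?\.dll)"?\s*,',
    re.IGNORECASE)

def rundll32_target(command):
    """Return the DLL a startup command loads through rundll32, else None."""
    m = RUNDLL32.match(command)
    return normcase(m.group(1).strip()) if m else None

def triage(startup, created, now, window_days=7):
    """Flag rundll32 startup entries whose DLL is new in system32 or gone."""
    cutoff = now - timedelta(days=window_days)
    findings = []
    for name, command in sorted(startup.items()):
        dll = rundll32_target(command)
        if dll is None:
            continue                      # not launched through rundll32
        ts = created.get(dll)             # creation time, None if not on disk
        if ts is None:
            findings.append((name, basename(dll), "orphaned: DLL missing"))
        elif ts >= cutoff and "\\system32\\" in dll:
            findings.append((name, basename(dll), "recently created DLL"))
    return findings

# Constructed sample data. Only the two DLL names come from the post.
NOW = datetime(2008, 6, 29, 20, 0)        # the year is an assumption
STARTUP = {
    "entry_a": r'rundll32.exe "C:\WINDOWS\system32\aaywqjaf.dll",a',
    "entry_b": r'C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\cuikyvrm.dll,b',
    "entry_c": r'rundll32.exe C:\WINDOWS\system32\exampledrv.dll,Init',
    "entry_d": r'"C:\Program Files\Example\tray.exe" /min',
}
CREATED = {
    r"c:\windows\system32\aaywqjaf.dll": datetime(2008, 6, 28, 23, 10),
    r"c:\windows\system32\cuikyvrm.dll": datetime(2008, 6, 29, 9, 5),
    r"c:\windows\system32\exampledrv.dll": datetime(2006, 3, 1, 12, 0),
}

if __name__ == "__main__":
    for finding in triage(STARTUP, CREATED, NOW):
        print(finding)
```

On a live system the `startup` and `created` mappings would be filled from the Run keys and the file system; here they are inline so the logic runs offline.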