#1 |
|
E.B.A.H.
Drives: you wild... Join Date: Mar 2007
Location: In the happy padded room wearing a jacket that makes me hug myself...
Posts: 18,420
|
Tech support needed...Protect.dll, Autochk.dll...
Anyone had any encounters with these two bastards of a problem?
Well last night, I fired up my computer since I had the internet working again and I go to check my e-mail which got redirected to thefeedyard.com. hmmmmm. Hit back, clicked another link (inbox) from Hotmail and it went to globexonline.com or something. Interesting. Clicking back and hovering over all the hyperlinks on the page, they all lead to one of the two websites. I ran AVG and Malwarebytes and both came up with 6 files: 4 belonging to autochk.dll, 1 protect.dll and one other one (can't remember but it's a .bak file). After reading up online, I installed F-Secure online scanner and deleted the registry keys manually, but while restarting, the files would just stay there. I'm currently locked in a battle with these two files which run the 4 other ones and I can't do anything online at home anymore. Does anyone have any info I might not have read about or has anyone dealt with this problem before? I'm posting this while at work if you're wondering how I was able to visit this site.
#2 |
Drives: people crazy Join Date: Aug 2009
Location: duh
Posts: 191
|
try running cleanup.exe in safe mode
http://www.stevengould.org/index.php...tent&task=view then run malwarebytes again
#3 |
|
PWA Relapse
|
Which antivirus are you using? Sounds like you have a Trojan dropper and some random malware.
I'd recommend downloading AdAware SE and Spybot Search & Destroy if you don't already have them. Run a full virus scan in safe mode, as well as scans from AdAware and SB and then reboot back into normal mode. Once back into normal mode, run a Windows Defender scan (assuming you have XP or higher) and then run another virus scan. HOPEFULLY that should have gotten rid of everything. If not, you'll have to find a more specialized removal tool. The utility listed in texan's post won't help you in the slightest. All it removes is temporary internet files, which you can get rid of by clearing your browser cache. Not going to clear up your little... "infestation." - X
__________________
2017 1LT/RS A8 Hyper Blue Metallic |
#4 |
Drives: the 2nd amendment home Join Date: May 2008
Location: OK
Posts: 14,763
|
Why a .bak file??? Open it with notepad see if it's readable.
Maybe the spammer was nice enough to backup your original files for you before he bent you over LOL
__________________
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
-- Benjamin Franklin lib·er·ty /ˈlibərdē/ noun 1. the state of being free within society from oppressive restrictions imposed by authority on one's way of life, behavior, or political views |
#5 |
Drives: people crazy Join Date: Aug 2009
Location: duh
Posts: 191
|
The cleanup.exe clears out files to make scans faster, if someone isn't doing their housekeeping it cuts scan times exponentially...it does a lot more than Internet temp files

Without knowing someone's experience level it's hard to give specific instructions sometimes. Ad-aware and Spybot are still okay, they used to be great but on a weekly basis of cleaning bugs I've had greater success with malwarebytes recently. Using them all is a last resort to blowing the OS. If it is a rootkit you may not ever get it out if it has a recycle trigger. Another good tool for rootkit removal on Windows is GMER - http://www.gmer.net/

This won't do anything about the dll's but you might want to check your hosts file in c:\windows\system32\drivers\etc..open hosts with notepad and see if it has entries to those sites. The browsing to undesired sites is known as hijacking. Trend Micro had a utility called CWShredder that I'm not sure who maintains it now http://www.softpedia.com/get/Interne...Shredder.shtml

If you are on Vista disable the System Restore first. Again, in my bank environment if these slip past my IPS and AV I will rebuild the PC just to be on the safe side. These bugs can be time consuming. Good luck...btw, don't blame me if it goes to hell in a handbasket please!

Last edited by texan; 09-16-2009 at 10:29 AM.
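The hosts-file check suggested in the post above, as an added example that is not part of the original thread or any poster's own code: it parses hosts-file text and reports every active entry that is not a plain localhost mapping, tagging names that match the two redirect domains from the first post. The sample file contents, the IP addresses and the `.test` hostname are constructed for illustration.

```python
import ipaddress

# Domains the first post reports being redirected to (spelled as given there).
WATCHLIST = {"thefeedyard.com", "globexonline.com"}
# Names that are expected to point at loopback on a clean machine.
BENIGN_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample of a tampered hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Constructed sample for the audit below
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.hotmail.com     # mail site pointed at a foreign address
127.0.0.1       update.example-av.test
#198.51.100.9   commented.example.test
198.51.100.9    www.thefeedyard.com
"""

def parse_hosts(text):
    """Yield (line number, ip, hostnames) for each active, well-formed entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank, comment-only or incomplete
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an IP address
        yield lineno, ip, [h.lower().rstrip(".") for h in fields[1:]]

def audit_hosts(text, watchlist=WATCHLIST):
    """Return (line, kind, hostname, ip) for every entry worth a manual look."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        sink = ip.is_loopback or ip.is_unspecified   # 127.x, ::1, 0.0.0.0
        for name in names:
            if sink and name in BENIGN_NAMES:
                continue                             # normal localhost line
            if any(name == d or name.endswith("." + d) for d in watchlist):
                kind = "watchlist"   # mentions a domain named in the thread
            elif sink:
                kind = "blocked"     # name forced to resolve to this machine
            else:
                kind = "redirect"    # name forced to an outside address
            findings.append((lineno, kind, name, str(ip)))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding)
```

A "blocked" finding is not proof of infection, since ad-blocking hosts lists produce the same pattern, but a security vendor's update host mapped to loopback deserves a second look.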
#6 |
Drives: people crazy Join Date: Aug 2009
Location: duh
Posts: 191
|
one more tool, hijackthis will give you a more detailed list than msconfig to see what is starting up http://download.cnet.com/Trend-Micro...-10227353.html

if you really want to get down and dirty check out some winternals and a sniffer http://technet.microsoft.com/en-us/s...s/default.aspx http://www.wireshark.org/

last tip and I have to get productive...you can download firefox or chrome to usb and install it on the pc, if you can get out with another browser it is not network related but IE targeted and before disabling system restore you might try going back in time

Last edited by texan; 09-16-2009 at 10:35 AM.
#7 |
|
E.B.A.H.
Drives: you wild... Join Date: Mar 2007
Location: In the happy padded room wearing a jacket that makes me hug myself...
Posts: 18,420
|
Thanks for the links Texan. I formatted and re-installed last night (I keep most of my files on my external hard drive which I only connect if I want to listen to music or whatever).
I'm downloading Hijackthis as I type this.
#8 |
Drives: people crazy Join Date: Aug 2009
Location: duh
Posts: 191
|
good call
#9 |
Drives: 04 Pontiac Grand Am, 08 Ninja 650r Join Date: Jan 2009
Location: Bradenton/Ruskin FL
Posts: 1,165
|
watch out, I had one that attached itself to any removable drives once, that was a frustrating week.
#10 |
|
PWA Relapse
|
This is one of the reasons why I love my school laptop.
Runs on Linux. - X
#11 |
Drives: 2010 2SS/RS Black Join Date: Mar 2009
Location: Kansas
Posts: 1,085
|
Just fixed a laptop that was saturated with trojans and malware crap using this:
http://www.techmixer.com/kaspersky-r...009-using-dos/ It says it is 2009, it isn't. It's the 2008 version that will need to be updated online for a more thorough scan/remove once up and running. It boots off the CD (it's an ISO image) and loads a streamlined version of Linux so you don't need to worry about propagating the malware and viruses. Real easy to use, but the scans can take a long while since it is running off the CD and memory.
__________________
Understeer, Oversteer, Wheel Alignment (Camber etc), Torque, Horsepower, Camaro
Fold for team 11108 to help find a cure! Folding@home Stanford's Research DC Program. |
#12 | |
|
PWA Relapse
|
Quote:
- X
#13 |
Drives: people crazy Join Date: Aug 2009
Location: duh
Posts: 191
|
Kaspersky is good stuff, I've used it several times, the only downside I could find was the footprint..it's almost as bloated and memory hog as Norton, at my last use
I'm an idiot..I forgot to mention Hiren's. It's like the Snap-On truck for computer mechanics http://www.hiren.info/pages/bootcd
#14 | |
Drives: 2010 2SS/RS Black Join Date: Mar 2009
Location: Kansas
Posts: 1,085
|
Quote:
Norton's used to be bloated bad, their newest products are much, much thinner and faster. Give the new stuff a try, you may be pleasantly surprised.