
Title: A2J, Squat, Raspy, Clay, etc etc etc


andiesmama - September 13, 2007 01:06 AM (GMT)
What can you tell me about the virus MSVCTVRL.DLL?

Norton's caught it, called it an "Infoseeker"? So, I scanned with Spybot & Adaware which didn't catch it. Scanned with Norton's and it got it, but said it couldn't delete it. So I looked up some info on it, and the Symantec site suggested I do the Norton's scan in safe mode. So I did.

Now Norton's isn't alerting me to the virus anymore, but when I pulled up IE, I got a pop up that said something "couldn't open because file MSVCTVRL.DLL not found", so I just kept clicking "ok" until it went away. Same popup when I tried to open Norton's & run it again, but kept clicking the "ok" and it eventually went away.

Am re-scanning as we speak with Norton's to see if, in fact, it's really gone.

But how can I get rid of those annoying pop-ups?

I'm so confused..........I hate computers............... :wall:

andiesmama - September 13, 2007 01:59 AM (GMT)
STILL running Norton's.

I tried to get into ChaCha (uses Java and the best version that works on it is the version 5, update 12 NOT the most recent one), Java wouldn't run. No error message or anything, got the "java" popup window, then it went away, then nothing. ChaCha didn't load up.

So, went to the Java site, tried to REdownload it and got a "runtime" error, then a bunch of error boxes kept popping up.

Don't ask me what they said, I didn't write it down but if you need that info, I can try it again and get it for you.

:wall: :wall: :wall: :wall:

Keneke - September 13, 2007 02:09 AM (GMT)
:blink:

Addicted2~Jesus - September 13, 2007 02:59 AM (GMT)
I'll do a lil research on it here in a min, but if you see this, open your start menu, go to run, type in msconfig an hit enter. Go to the start up tab an take a screen shot of what's listed there. Dependin on how much stuff you have there runnin when windows starts you might havta screen shot, then scroll down an shoot agin. It sounds as though you've got a bug that was dependent on this dll file, since norton got rid of the file, that particular program is now of course havin trouble. So we'll havta git rid of whatever created that program in the first place. Do you happen to have the utility called .... uh.. lol I think it's called "highjackthis" That don't sound right does it? I'll havta look I cain't member the thin.

This particular dll doesn't ring a bell, so we'll havta see who's usin that file. Do you recall where it said that file was located? Whether windows system, er system32 folders etc?

andiesmama - September 13, 2007 03:02 AM (GMT)
I think it said system32, not sure.

Norton's just got done, THAT says it's clean.

I'll do that screenshot thing tomorrow.......Ty's home and it's :quote: bed :quote: time......... B)

Addicted2~Jesus - September 13, 2007 03:03 AM (GMT)
oh btw... you've done some of the preliminary stuff right? Dumped your temp files, both windows an IE as well as cookies etc? Do you have admin rights in safe mode? Easier to dump large amounts of files there if need be. Can you think of any sites you've been to recently that were questionable? Gotta find who's put what together an then where.

Addicted2~Jesus - September 13, 2007 03:05 AM (GMT)
For the time bein though, you could go to start > run type msconfig, an jes uncheck ALL of the boxes listed there, restart your puter.. this is in case you don't shut it off at night, if you do no biggy, but you wouldn't want the thin whatever it is to be tryin to download stuff all night.

The most likely reason norton hasn't found anythin else is because that particular whatever you have hasn't been added as a potential problem to any of the security updates. Jes havta wait an see though.

Addicted2~Jesus - September 13, 2007 03:40 AM (GMT)
Mmmmm it's not lookin real good at the moment, but it looks like it's like I was afraid of, it's jes too new to have any real info on it.

1. COVERT ANALYSIS OF: MSVCTVRL.DLL
File Names Used: 1
Paths Used: 1
Common File Name: MSVCTVRL.DLL
Common Path: %WINDIR%\SYSTEM32\
Vendor Information: No Vendor details specified
File Name Structure: Irregular
File and Path Structure: Normal
2. RELATIONSHIP ANALYSIS OF: MSVCTVRL.DLL
No relationship details available for this object
3. ACTIVITY ANALYSIS OF: MSVCTVRL.DLL
No activity has yet been observed for this object
4. PROPAGATION ANALYSIS OF: MSVCTVRL.DLL
Object Propagation Rate: Very Low (minimal spread)
Copyright Prevx Limited 2005, 2006

Check an see whether er not Norton managed to save a copy of the file into a vault er the like. I hope it hasn't deleted it, from what I've seen of some of folks nightmares, they ain't even foolin wit it, they're jes formattin an reinstallin. Not an option at current I grant you. There's jes not any real information on this particular file, other than I can say I don't recognize it an it's not a system file from any vendor that I know of as of yet either. Goin to do a bit more lookin round, but if it is indeed a malware er the like, norton may have chewed up the wrong file an we might need to git it back jes to fix the problems. It will eventually be removed, but might need to use it for a bit.

clayman - September 13, 2007 05:12 AM (GMT)
I think A2J's got you on the right path. The name of the program is HijackThis. Had to use it too many times on my mom & dad's computers. They're always getting into crap. That's why I hate going to Corpus!

andiesmama - September 13, 2007 11:35 AM (GMT)
Okay, looked in the Norton's backup section and this is what it lists as removed yesterday:

msvctvrl.dll -- Infostealer -- WINDOWS\system32 (this one is listed twice, I guess because I ran Norton's twice?)
tmpDC07.tmp -- Infostealer -- Documents & settings\Deb\Local Settings\Temp


Getting ready to try & do that screen shot.

How do I do that hijack this thing? Just download it & let it run?

andiesmama - September 13, 2007 11:38 AM (GMT)
Okay, brain freeze (haven't done it for awhile), but how do I do a screen shot? I know it's with the Print Screen button somehow.......

andiesmama - September 13, 2007 11:47 AM (GMT)
Okay, here's what I got when I ran Hijack this:

QUOTE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:28 AM, on 9/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DIGStream\PlayhouseDisneyDownloadManager.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\K567SPY3\HiJackThis[1].exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...ys=DTP&M=GT4022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ChaCha Search Toolbar - {4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C} - C:\PROGRA~1\CHACHA~1\CHACHA~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ChaCha Search Toolbar - {4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C} - C:\PROGRA~1\CHACHA~1\CHACHA~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PlayhouseDisneyDownloadManager] C:\Program Files\DIGStream\PlayhouseDisneyDownloadManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [Viewbar] C:\Program Files\AGLOCO Viewbar\Viewbar.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: ChaCha Search - file://C:\Documents and Settings\Deb\Application Data\CHACHATOOLBAR\SelectedContextSearch_ChaCha Search.htm
O8 - Extra context menu item: ChaCha Search with guide - file://C:\Documents and Settings\Deb\Application Data\CHACHATOOLBAR\SelectedContextSearch_ChaCha Search with guide.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly Here and Now\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135fd.bay135.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat..._site.cab?1163359696212
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {8C63DABA-CBA8-4B5D-A0F7-AE00F2920929} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/data...s/heartbeat.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://games.bigfishgames.com/en_mysteryso...mesLauncher.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp...psi/Coupons.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab58570.cab
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857D} - https://support.gateway.com/eSupport/static...e.WebLaunch.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/data...6/heartbeat.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly Here and Now\Images\armhelper.ocx
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...er/install/installer.exe
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/D...sh.1.0.0.94.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio.../qdiagh.cab?326
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 14171 bytes

andiesmama - September 13, 2007 11:48 AM (GMT)
Whatever you see that I need to delete, let me know.....it looks like a weird alien language to me....... :blink:
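
How the HijackThis log above is read, as an added example that is not part of the original thread: this Python sketch rejoins lines the forum wrapped, splits each entry into its section code and detail, and lists entries that mention a given file or point at something no longer on disk. The sample is constructed; its `(no name)` BHO line naming msvctvrl.dll with an all-zero CLSID is hypothetical and does not appear in the posted log.

```python
import re

# Usual meaning of the section codes that occur in the log above.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE page or proxy setting",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run key or Startup folder)",
    "O8": "IE context-menu item", "O9": "IE button / Tools-menu item",
    "O16": "downloaded ActiveX control", "O18": "protocol handler",
    "O23": "Windows service",
}

# An entry line starts with a code such as "O4 - " or "R1 - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Constructed sample. The Adobe BHO, ehTray, SetPoint and HPZ12 lines are
# copied from the posted log (the first with the forum's line wrap); the
# second O2 line is HYPOTHETICAL and only shows what a leftover reference
# to the removed DLL would look like.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\msvctvrl.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 0 bytes
"""


def parse_entries(log_text):
    """Return [(code, detail)], joining forum-wrapped continuation lines."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # blank lines are left over from the forum wrapping
        if line == "--" or line.startswith("End of file"):
            break
        match = ENTRY.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif entries:
            # No section code: tail of the previous entry. A single space is
            # assumed at the break, which is wrong for tokens cut mid-word.
            entries[-1][1] += " " + line
        # Header and process-list lines before the first entry are skipped.
    return [tuple(e) for e in entries]


def references(entries, filename):
    """Entries whose detail mentions filename (case-insensitive)."""
    needle = filename.lower()
    return [(c, d) for c, d in entries if needle in d.lower()]


def unresolved(entries):
    """Entries HijackThis could not resolve to a file on disk."""
    markers = ("= ?", "(file missing)")
    return [(c, d) for c, d in entries if d.endswith(markers)]


def triage(log_text, filename):
    """Per-section counts plus the two lists a helper would look at first."""
    entries = parse_entries(log_text)
    counts = {}
    for code, _ in entries:
        counts[code] = counts.get(code, 0) + 1
    return {
        "counts": counts,
        "references": references(entries, filename),
        "unresolved": unresolved(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG, "msvctvrl.dll")
    for code, n in report["counts"].items():
        print(f"{code:>3} x{n}  {SECTIONS.get(code, 'other')}")
    for code, detail in report["references"]:
        print("mentions file:", code, "-", detail)
    for code, detail in report["unresolved"]:
        print("target not found:", code, "-", detail)
```
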

andiesmama - September 13, 2007 11:54 AM (GMT)
I also did "Generate Startup Log" from hijack this, does it help?

QUOTE
StartupList report, 9/13/2007, 7:53:27 AM
StartupList version: 1.52.2
Started from : C:\Program Files\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DIGStream\PlayhouseDisneyDownloadManager.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
hp psc 1000 series.lnk = ?
hpoddt01.exe.lnk = ?
Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk = ?
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ehTray = C:\WINDOWS\ehome\ehtray.exe
readericon = C:\Program Files\Digital Media Reader\readericon45G.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
CHotkey = zHotkey.exe
High Definition Audio Property Page Shortcut = HDAShCut.exe
RTHDCPL = RTHDCPL.EXE
Alcmtr = ALCMTR.EXE
Logitech Hardware Abstraction Layer = KHALMNPR.EXE
(Default) =
HPDJ Taskbar Utility = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
HPHUPD05 = C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HP Software Update = "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
HPHmon05 = C:\WINDOWS\system32\hphmon05.exe
OM_Monitor = C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
MSKDetectorExe = C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
PlayhouseDisneyDownloadManager = C:\Program Files\DIGStream\PlayhouseDisneyDownloadManager.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
hcsystray = C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
Viewbar = C:\Program Files\AGLOCO Viewbar\Viewbar.exe
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

LDM = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
OM_Monitor = C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
updateMgr = C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=
SCRNSAVE.EXE=C:\WINDOWS\system32\gtw_logo.scr
drivers=

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\CHACHA~1\CHACHA~1.DLL - {4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
Browser Address Error Redirector - c:\windows\system32\BAE.dll - {CA6319C0-31B7-401E-A518-A07C3DB8F777}

--------------------------------------------------

Enumerating Task Scheduler jobs:

FRU Task #Hewlett-Packard#hp psc 1200 series#1158454495.job
HP Usg Daily.job
Norton AntiVirus - Scan my computer - Deb.job

--------------------------------------------------

Enumerating Download Program Files:

[StagingUI Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\StagingUI.ocx
CODEBASE = http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

[SpinTop DRM Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\stg_drm.ocx
CODEBASE = file://C:\Program Files\Monopoly Here and Now\Images\stg_drm.ocx

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.macromedia.com/pub/shock...director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.macromedia.com/pub/shock...director/sw.cab

[CPlayFirstTriJinxControl Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.87.dll
CODEBASE = http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab

[MSN Games – Buddy Invite]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZBuddy.ocx
CODEBASE = http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

[Snapfish Activia]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx
CODEBASE = http://www1.snapfish.com/SnapfishActivia.cab

[{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}]
CODEBASE = http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://by135fd.bay135.hotmail.msn.com/resources/MsnPUpld.cab

[ZonePAChat Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZPAChat.ocx
CODEBASE = http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

[AtlAtomadersCtlAttrib Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Atomaders.dll
CODEBASE = http://zone.msn.com/bingame/amad/default/atomaders.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdat..._site.cab?1163359696212

[UnoCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\game_uno1.dll
CODEBASE = http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab

[Bridge Installer]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.1\hrtbeat.ocx
CODEBASE = http://cdn2.zone.msn.com/Bingame/BRDG/data...s/heartbeat.cab

[SpinTop Games Launcher]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SPINTO~1.DLL
CODEBASE = http://games.bigfishgames.com/en_mysteryso...mesLauncher.cab

[cpbrkpie Control]
InProcServer32 = C:\WINDOWS\cpbrkpie.ocx
CODEBASE = http://a19.g.akamai.net/7/19/7125/4058/ftp...psi/Coupons.cab

[ZPA_HRTZ Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\zpa_hrtz.ocx
CODEBASE = http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab58570.cab

[{97BB6657-DC7F-4489-9067-51FAB9D8857D}]
CODEBASE = https://support.gateway.com/eSupport/static...e.WebLaunch.cab

[InetDownload Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\WMDownload.dll
CODEBASE = https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab

[Get_ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\HPGETD~1.OCX
CODEBASE = https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

[MSN Games - Installer]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

[Bridge Installer]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.2\hrtbeat.ocx
CODEBASE = http://cdn2.zone.msn.com/Bingame/BRDG/data...6/heartbeat.cab

[CBankshotZoneCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\zpa_pool.dll
CODEBASE = http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab

[ArmHelper Control]
InProcServer32 = ./Images/armhelper.ocx
CODEBASE = file://C:\Program Files\Monopoly Here and Now\Images\armhelper.ocx

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx
CODEBASE = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab

[{D27CDB6E-AE6D-11CF-96B8-444553550000}]
CODEBASE = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

[{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}]
CODEBASE = http://a532.g.akamai.net/f/532/6712/5m/vir...er/install/installer.exe

[MSN Games – Game Communicator]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\StProxy.dll
CODEBASE = http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

[CPlayFirstDinerDashControl Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.94.dll
CODEBASE = http://zone.msn.com/bingame/dash/default/D...sh.1.0.0.94.cab

[PopCapLoader Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\popcaploader.dll
CODEBASE = http://zone.msn.com/bingame/popcaploader_v10.cab

[HeartbeatCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\hrtbeat.ocx
CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab

[QDiagHUpdateObj Class]
InProcServer32 = C:\WINDOWS\system32\qdiagh.ocx
CODEBASE = http://h30155.www3.hp.com/ediags/hpfix/aio.../qdiagh.cab?326

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 13,396 bytes
Report generated in 0.031 seconds

Command line options:
  /verbose  - to add additional info on each section
  /complete - to include empty sections and unsuspicious data
  /full    - to include several rarely-important sections
  /force9x  - to include Win9x-only startups even if running on WinNT
  /forcent  - to include WinNT-only startups even if running on Win9x
  /forceall - to include all Win9x and WinNT startups, regardless of platform
  /history  - to list version history only

andiesmama - September 13, 2007 12:05 PM (GMT)
I found this forum talking about it, but it's all WAY over my head~

http://forum.aumha.org/viewtopic.php?t=291...c4f5a7ac696e1a9

Okay, I'm done for now, I've got a headache. Thanks for the help you've already given me, I appreciate your time! Hopefully you guys can help me figure out what to do to get it outta here.

........and then I'll owe you a beer or two or three......... :nod:

squatpuke - September 13, 2007 02:26 PM (GMT)
.
.
AM....what's the prob.

I see you online here at FHL...so you're obviously online.

Is this still a problem?



One of the first things I would do is ditch IE...download Firefox and add an extension called "no-script"....I guarantee that no internet nasty will get by you w/o your permission.

If IE is broke or missing files, perhaps you can put in your windows disk and do a repair....Also, do you have XP's system restore turned on?

Might also be a good idea to scan your registry....START|RUN|"regedit" and search for that particular DLL.

I probably won't be able to read much more...been pretty busy at work. I'll try to check in when I can....sorry.

andiesmama - September 13, 2007 02:44 PM (GMT)
Yes, still a problem, I get a

"This application has failed to start because msvctvrl.dll was not found. Re-installing the program may fix this problem."

pop-up when I try to go into Norton's as well as trying to run ChaCha (which uses Java, it's Java that's not opening, not ChaCha itself). On Norton's, I keep clicking the "ok" button and it eventually lets me in, but not on the java one.

I turned off system restore when I ran Norton's in safe mode, now I can't get back into the system file to turn it back on.

I'll have to look for the disk to see if I can just put everything back on again, unless somebody has some other ideas.

I'm not going to do ANYthing until I hear back from one of you guys, tho.

andiesmama - September 13, 2007 02:48 PM (GMT)
Thanks, Squat-bro, I know you're busy like all the other guys and I appreciate your time more than I can say! :) Don't apologize.........unless you really want to.........

Anyhow, I've found my Windows CD in case you all think I just need to start over from scratch.

:dunno:

Keneke - September 13, 2007 03:00 PM (GMT)
I agree with a previous poster who shall remain unnamed :P

Get Firefox/Mozilla... It's less of a 'threat' to mean ppl to destroy such as IE or Netscape...


Hope the rest gets figured out...
:unsure:

Sarah - September 13, 2007 03:24 PM (GMT)
Louis is out working this morning but will catch up with this thread when he gets home.

andiesmama - September 13, 2007 03:29 PM (GMT)
Thanks Sarah.......warn him, he's got a lot of reading to catch up on!

Tell him to send me a bill..... :nod:

Update: Heading out to Best Buy to buy an external drive (is that right?) to save the pictures & documents we've got on this one so we can reinstall. We've got one already, but it's an old one and wasn't too big, so it's full. Time to get another one anyhow.

rasplundjr - September 13, 2007 05:22 PM (GMT)
Good spyware adware tools are
AdAware from lavasoft www.lavasoft.com
Spybot do a search for Search and destroy at google it's safer.networking something or other
Superantispyware - real nice tool... I like it....


Hijack this is greek to me I run the file and paste the log file into a forum at Major Geek.com and do what they tell me....

squatpuke - September 13, 2007 08:41 PM (GMT)
.
.
rather than an external drive....USB Keys are cheaper and no moving parts. Get a large enough size to save everything.


Not sure I would give on this one yet....


So if I'm reading right...Norton is the one giving you the error message? Have you called them and talked to any friendly Abu type characters?


You could also uninstall and reinstall Norton....


I'm going to google this dll a bit....brb.

andiesmama - September 13, 2007 09:21 PM (GMT)
I get that popup when I try to run Norton's as well as Java.

Addicted2~Jesus - September 13, 2007 09:26 PM (GMT)
Sqaut.... READ what is written my brother.... it is not jes Norton, an from the research I've done, it can be a whole host of other exe's that fail because of this file that no one knows anythin bout.

Secondly... People!! Do NOT advise a user EVER that is havin a problem wit their puter to git rid of IE. There ARE times when this is advantageous, but this is NOT one of those times. Whatever the bug etc is Deb's got may have been tracked on via IE but IE isn't the problem at the moment.

Drives me nuts I hear thins like:

complaint: my puter won't boot

solution: Oh git Firefox!!!

:rolleyes:

Ok Deb, I went through your log, unfortunately I didn't see any redirects, any malware, no spam, in fact I couldn't find anythin amiss, no browser hijacks er anythin else. I was hopin to find sumthin there. I admit I am not an expert on log files etc, an have done what Raspy has done as well, but anythin I didn't recognize I looked up. You have a ton of imaginin software runnin, media this an that, hp photo, a couple other photo thins goin. You really don't need those thins to run ever time you start your puter.

So I'd disable them from the start up as they are only costin you resources, I also seen you had a hotkey sumthin er nother runnin, if you are not usin that particular keyboard, it doesn't need to load either. Don't worry, by disablin these items on your start menu will not delete er git rid of em, an if you see sumthin you jes havta have in your taskbar on boot up, jes enable it agin.

So click start > run > type msconfig, hit enter. Go to the start up tab, disable all those thins that you jes don't use ever time the puter starts, leave of course norton etc. Click apply an restart your puter.

Also, boot into safe mode, F8 on startup to git to the menu, delete Your temp files, as well as your internet temp files. C:\windows\temp, an your internet temp files, C:\Documents and Settings\Deb\Local Settings. If you have hidden folders hidden, then you need to either enable them, er type out the address in your window, to enable them go to the top an click tools > folder options > click on the tab view. An under hidden files an folders, click show hidden files. Then you can go in an delete em manually witout usin a browser.

Dump your cookies. You'll lose your history in the address bar, automatic logins etc.

I think you said you do not have a system restore point right now because norton asked you to git rid of em. If you do have one, jes delete the thin because it's liable to have some form of infection anyways.

I would not jes yet format an reinstall windows, not jes yet. This dll is somewhat new an I cain't find anythin out bout it, nor can anyone else I've talked to er looked up. I would click start > search > all files an folders, an type in that name as it was. Tell it to search. Once you find it, provided it's in a vault er other such, then you can manually go git the dll an place it back into the windows\system32. Yes I'm askin you to replace an unknown an potentially dangerous file into your windows folder agin. But I truly believe norton took out a symptom an not the problem here. Then I'd upgrade to latest definitions of spybot an adaware an run these, an make sure you do full scans, an it would be better if you did these in safe mode.

Since I seen you've got the genuine windows crap runnin, then you qualify for their anti-spyware stuff as well, I have a copy I can email to you ... uh I think... I don't think it was too big, might havta look but can see anyways. It's not half bad, a lil bothersome wit wantin to update, but in conjunction wit the others it'll keep you really clean.

Have you also btw, told spybot to immunize your system? An does your norton have an included firewall? If you enable that firewall, if I recall correctly I may be off. It may be teatimer I'm thinkin of, but if anythin wishes to contact the internet it'll ask you if you give it your permission. This can be annoyin for a lil while til we, er someone sorts this out, but you could block everthin goin out if you don't know what it is.

I haven't given up, but this dll is news to me, an apparently news to everone else as well.
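The log review described in the post above, sketched as an added example (not part of the original thread, and not the reporting tool's own code): it parses the `[name]` / `InProcServer32` / `CODEBASE` entries as they appear in the pasted log and lists the ones worth looking up by hand. The triage rules are hypothetical heuristics chosen for this illustration, not verdicts.

```python
import re

# Constructed sample: three entries copied from the log in this thread,
# including the one whose CODEBASE value was wrapped across lines.
SAMPLE = r"""
[PopCapLoader Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\popcaploader.dll
CODEBASE = http://zone.msn.com/bingame/popcaploader_v10.cab

[ArmHelper Control]
InProcServer32 = ./Images/armhelper.ocx
CODEBASE = file://C:\Program Files\Monopoly Here and Now\Images\armhelper.ocx

[{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}]
CODEBASE =

http://a532.g.akamai.net/f/532/6712/5m/vir...er/install/inst

aller.exe
"""

HEADER = re.compile(r"^\[(.+)\]$")
FIELD = re.compile(r"^(InProcServer32|CODEBASE)\s*=\s*(.*)$")


def parse_entries(text):
    """Return one dict per [entry]; values wrapped across lines are re-joined."""
    entries, current, last_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header, field = HEADER.match(line), FIELD.match(line)
        if header:
            current = {"name": header.group(1), "InProcServer32": "", "CODEBASE": ""}
            entries.append(current)
            last_key = None
        elif field and current is not None:
            last_key = field.group(1)
            current[last_key] = field.group(2).strip()
        elif current is not None and last_key:
            current[last_key] += line  # continuation of a wrapped value
    return entries


def triage(entry):
    """Return reasons (hypothetical heuristics) to look an entry up by hand."""
    reasons = []
    path, url = entry["InProcServer32"], entry["CODEBASE"]
    if not path:
        reasons.append("no binary listed for this control")
    elif not re.match(r"^[A-Za-z]:\\", path):
        reasons.append("binary path is not absolute")
    scheme = url.partition("://")[0].lower()
    if url and scheme not in ("http", "https"):
        reasons.append("CODEBASE is not a web URL (%s)" % scheme)
    if url.split("?", 1)[0].lower().endswith(".exe"):
        reasons.append("CODEBASE is a bare executable, not a .cab/.ocx")
    return reasons


def review(text):
    """Map entry name -> reasons, for entries with at least one reason."""
    checked = {e["name"]: triage(e) for e in parse_entries(text)}
    return {name: why for name, why in checked.items() if why}
```

Calling `review()` on a saved copy of the full log gives the short list of entries to research; an empty result means none of these particular rules fired, not that the machine is clean.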

andiesmama - September 13, 2007 09:33 PM (GMT)
Louis...... :hug:

Thanks for all your hard work, especially after working all day! I printed out what you wrote and am getting started on it now.

Ty said if this fixes our computer, he'll take you out fishing next time you're in our area..... B)

Addicted2~Jesus - September 13, 2007 09:40 PM (GMT)
Don't worry bout tryin to replace that one dll file that norton removed, it may not be needed at the moment, but the rest of that is jes general maintenance anyways. An it does not look like it will actually fix the problem at the moment, the idea bout stickin that deleted dll back in was so you weren't limited in your abilities til a work around could be found. I'm researchin one right now, they didn't have it up there last night so I'm jes doin a bit of checkin.

Addicted2~Jesus - September 13, 2007 10:02 PM (GMT)
Well, the work around seems to be workin well for folks. Now all you need is an uninfected imm32.dll. an need to replace your current file. You wouldn't need to run that .cmd file an it's really easy to do anyways, jes followin the instructions that feller gave would do it.

I'll check an see if there is a downloadable imm32.dll around, if not, has Ty got his laptop round? if they are the same OS then it should be ok to use etc etc. DLL's can be a nightmare at times, but this one seems to be a pretty easy deal. An you should feel lucky, you're one of the first to end up wit this bug. It's pert near brand new hehe.

Addicted2~Jesus - September 13, 2007 10:08 PM (GMT)
http://www.freedrive.com/files/3r5qws9y2akg0s/imm32.zip

Here is the file, Sarah's layin down after havin cut the grass, but I think she has yahoo er sumthin to send a direct connect file to you, but jes in case here is one (provided this damn free drive thin will actually work)

andiesmama - September 14, 2007 12:21 AM (GMT)
Okay, back up a second & let me tell you what all I did.

Actually, I went down that long list you typed & did everything. The problem was that Norton's kept taking OUT that MSVCTVRL.DLL file, so I ended up disabling Norton's and then putting it back in the SYSTEM32 file.

Now everything works great!! I downloaded Java it works fine now and I can actually work on ChaCha now!

So, here are my questions:

1) Should I go back into my System folder and turn back on the "system restore" thingie?

2) Do I still need to download that other file you're talking about in your last post?

3) Will Sarah give you a big kiss on the lips for me for fixing my computer? B) :P

Addicted2~Jesus - September 14, 2007 12:33 AM (GMT)
Ok, well the fix is to go ahead an allow norton to remove that file. Only you need to ALSO replace your IMM32.DLL file as well. The bug you got ahold of is more than likely one that injected piss poor code into your current file. So ....

Download the file, place it on your desk top. Er better still, jes extract it to your C: drive. Some place you can EASILY find it when you boot into safe mode. Shut down all other apps, windows etc. Allow norton to agin remove the file, delete it etc, the first dll, the mssumthin.dll file. Then reboot into safe mode.

Navigate to your C:\windows\system32 folder. Find your CURRENT IMM32.dll an rename it to sumthin like IMM32OLD.dll. Move your NEW IMM32.DLL file that you downloaded into the folder.

Then reboot your system normally. This should remove the bug an any associated problems wit it. Do NOT delete the old file that you have renamed as IMM32OLD.dll. This is a safety net in the event this doesn't fix the problem. Then we can take a stab at sumthin else.

See currently, you've restored this bug, which is fine in a way, because like I said I was tryin to make it so you could at least operate online until a fix was sought out. So it isn't important to restore the file etc. Now that this fix has been provin to work, go ahead an do this fix. Do not add a system restore point right now, leave it turned off an deleted at the moment, er else it could simply include the bug when you restore later for whatever reason.

To recap

Download the file, extract it somewhere you will be able to find it when in safe mode.

Shut down all apps.

Allow Norton to delete the file agin, er manually delete the file er rename it.

Reboot the system into safe mode

Navigate to C:\windows\system32

Locate IMM32.dll an rename it to IMM32OLD.dll

Place the NEW IMM32.DLL file in the folder.

Reboot the system normally.

Then let us know if there are any other probs.

andiesmama - September 14, 2007 02:28 AM (GMT)
I just finished with all of that, and I think it worked!

:yay: :faint:

I so appreciate your help, you just don't know.

Is there anything else I need to do now that it's working again? To clean anything up, etc?

Addicted2~Jesus - September 14, 2007 02:34 AM (GMT)
Naw, jes confirm some stuff, search your puter wit the start > search > all files etc an make sure that one .dll is not in any of the system folders, if it's sittin in the vault of norton er whatever it's fine. Let it run for a day er so, make sure there's no troubles then you can turn on system restore agin.

Any time you can take thins off your start up screen the more system resources you can free up. An if you need er want the program, like some of the image stuff etc then you jes click on the short cut an it loads it up anyways.

I'm glad thins worked out well for you.
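The two follow-up checks from the posts above (confirming the removed DLL is no longer in any system folder, and confirming the swapped-in IMM32.DLL is the file it is supposed to be), as an added example that is not part of the original thread. It assumes a reference copy of imm32.dll taken from a second, clean machine with the same Windows version and service pack, as suggested earlier in the thread; `build_demo_tree` and its file contents are constructed stand-ins so the script runs anywhere.

```python
import hashlib
import os

SUSPECT = "msvctvrl.dll"  # the file name reported in this thread


def find_leftovers(roots, name=SUSPECT):
    """Return every file under roots whose name matches, ignoring case."""
    hits = []
    for root in roots:
        for folder, _dirs, files in os.walk(root):
            hits += [os.path.join(folder, f) for f in files
                     if f.lower() == name.lower()]
    return sorted(hits)


def sha256_of(path):
    """Hash a file in chunks so large files are not read in one go."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()


def check_replacement(system_dir, reference_copy):
    """Compare IMM32.dll and IMM32OLD.dll in system_dir with a reference copy.

    Returns {name: True/False/None}; None means the file is not present.
    """
    on_disk = {f.lower(): os.path.join(system_dir, f)
               for f in os.listdir(system_dir)}
    wanted = sha256_of(reference_copy)
    return {name: (sha256_of(on_disk[name]) == wanted) if name in on_disk else None
            for name in ("imm32.dll", "imm32old.dll")}


def build_demo_tree(base):
    """Constructed stand-in for C:\\WINDOWS; file contents are placeholders."""
    system32 = os.path.join(base, "WINDOWS", "system32")
    temp = os.path.join(base, "WINDOWS", "Temp")
    reference = os.path.join(base, "second-pc")
    for folder in (system32, temp, reference):
        os.makedirs(folder)
    files = {
        os.path.join(system32, "IMM32.DLL"): b"clean copy",
        os.path.join(system32, "IMM32OLD.dll"): b"modified copy",
        os.path.join(temp, "MSVCTVRL.DLL"): b"leftover",
        os.path.join(reference, "imm32.dll"): b"clean copy",
    }
    for path, data in files.items():
        with open(path, "wb") as handle:
            handle.write(data)
    return os.path.join(base, "WINDOWS"), os.path.join(reference, "imm32.dll")


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as base:
        windows, reference = build_demo_tree(base)
        print(find_leftovers([windows]))
        print(check_replacement(os.path.join(windows, "system32"), reference))
```

A `False` for the renamed old file only says it differs from the reference; a different patch level produces the same result, so treat it as a prompt to check versions rather than as proof of tampering.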

squatpuke - September 14, 2007 03:30 PM (GMT)
QUOTE (Addicted2~Jesus @ Sep 13 2007, 02:26 PM)
Sqaut.... READ what is written my brother.... it is not jes Norton, an from the research I've done, it can be a whole host of other exe's that fail because of this file that no one knows anythin bout.

Secondly... People!! Do NOT advise a user EVER that is havin a problem wit their puter to git rid of IE. There ARE times when this is advantageous, but this is NOT one of those times. Whatever the bug etc is Deb's got may have been tracked on via IE but IE isn't the problem at the moment.

Drives me nuts I hear thins like:

complaint: my puter won't boot

solution: Oh git Firefox!!!

.
.
I don't recall ever saying "get rid" of IE...however, it's VERY possible to NOT USE IE and instead use Firefox. Sheesh.

:doh:

Secondly, the very fix louise used was from a link I posted on the other thread, only w/o the thousand word attached opinion.

:doh:


Anyway....I feel kinda slighted here....

1) I get slammed for incorrectly telling AM to get RID of IE...
2) My fix gets stolen....
3) Dirty, stinky truck driver gets a kiss....(on the mouth no less)



I'm left here wondering...."WHAT THE HECK"?

:dunno:

clayman - September 14, 2007 03:40 PM (GMT)
QUOTE (squatpuke @ Sep 14 2007, 09:30 AM)
QUOTE (Addicted2~Jesus @ Sep 13 2007, 02:26 PM)
Sqaut.... READ what is written my brother.... it is not jes Norton, an from the research I've done, it can be a whole host of other exe's that fail because of this file that no one knows anythin bout.

Secondly... People!! Do NOT advise a user EVER that is havin a problem wit their puter to git rid of IE. There ARE times when this is advantageous, but this is NOT one of those times. Whatever the bug etc is Deb's got may have been tracked on via IE but IE isn't the problem at the moment.

Drives me nuts I hear thins like:

complaint: my puter won't boot

solution: Oh git Firefox!!!

.
.
I don't recall ever saying "get rid" of IE...however, it's VERY possible to NOT USE IE and instead use Firefox. Sheesh.

:doh:

Secondly, the very fix louise used was from a link I posted on the other thread, only w/o the thousand word attached opinion.

:doh:


Anyway....I feel kinda slighted here....

1) I get slammed for incorrectly telling AM to get RID of IE...
2) My fix gets stolen....
3) Dirty, stinky truck driver gets a kiss....(on the mouth no less)



I'm left here wondering...."WHAT THE HECK"?

:dunno:

Awww! Poor baby! :hug:

But - no. I'm not going to kiss you on the lips or anywhere else. :naughty:

andiesmama - September 14, 2007 03:56 PM (GMT)
All right Squat, sheesh..................your wife can kiss you on the lips, too~

But who's to say that YOU'RE not dirty & stinky as well, hmmmmmmm??? :naughty: :P

andiesmama - September 14, 2007 03:56 PM (GMT)
Question remains: Should I dump IE and get Firefox? Or not?

squatpuke - September 14, 2007 04:45 PM (GMT)
QUOTE (andiesmama @ Sep 14 2007, 08:56 AM)
Question remains: Should I dump IE and get Firefox? Or not?

.
.
Keep IE, but only if you want to pickup more spyware and viruii.....

andiesmama - September 14, 2007 04:52 PM (GMT)
QUOTE (squatpuke @ Sep 14 2007, 12:45 PM)
QUOTE (andiesmama @ Sep 14 2007, 08:56 AM)
Question remains:  Should I dump IE and get Firefox?  Or not?

.
.
Keep IE, but only if you want to pickup more spyware and viruii.....

:smack:

Of COURSE I don't want that, Goofy!

Is Firefox easy to use? What do I do, just download it somewhere and it'll take over, or do I need to "turn off" IE somewhere so Firefox will work.

Talk me through it, oh knowledgeable one..... B)

Addicted2~Jesus - September 14, 2007 05:19 PM (GMT)
Poor Sqaut... I wasn't tryin to bash you any... but it's a huge soap box thin for me really... ie is a fine browser SO LONG AS you use it wisely etc. Jes a program sittin there isn't goin to track on crap. You've got to go an do sumthin to git screwed wit it. So any time someones got a problem that's the first thin everone screams bout, oh you gotta git firefox.... personally, I think it's a pile of crap as far as a web browser goes. That's jes my personal opinion.

an I admit, I didn't give enough credit where credit was due. The night this began I spoke to a feller on that site, but at that time there wasn't any ideas bout what it was er anythin else. If you look at dates/times etc. While I was out... actually workin for a livin... not sittin in some air condition office pushin buttons..... they come up wit the fix an your right, the link you posted had the info in it to fix it. I personally wouldn't have expected Deb to try an figure it out by their piss poor instructions. Which is why I did the walk through, forgive me oh great slated one for I have trampled upon you....

No, you do not havta git rid of IE to use firefox er anythin else. It's a matter of personal opinion. Yes firefox is a more secure browser cause of active x controls bla bla bla but it's an entirely different browser, an if you don't like change, you won't like firefox. Plus... an sqaut would know bout this, not me. But wasn't there some disaster in regards to the mail through firefox? Some sort of a conflict wit outlook an firefox er sumthin, this may not be an ordeal now though I donno.

I'd look up some screen shots of firefox an see if it's sumthin you'd wanna play wit. An I'd also immunize your system wit spybot, an install teatimer. These lil thins will help control any junk you track on.

I do apologise Sqaut, I wasn't tryin to bash you, an jes because I love you so much, next time I'm through Flagstaff, I'll leave you another present under that light pole ;)

Btw, Deb had posted a link to that site before you did in here, I didn't mention anythin to er, because at the time, no one knew anythin bout it, which is why I told er to be patient, cause there jes wasn't a current fix out there for it. In the end, it doesn't appear to be a mean bug er the like, didn't really do any real harm so I don't think it's a huge problem, but that's what norton did, attacked some of the symptoms witout cleanin thins up afterwards. Which is why you found out you had a problem.



