Guest Teneo
Posted October 16, 2008

After spending 2 days fixing a Vundo infection, Spybot and Malwarebytes helped clean it.

Both give a clean bill of health but I have a little issue in MSCONFIG.

There is an entry for Rundll.exe c:\windows\system32\siyipino.dll in msconfig.

When I try to untick it and save settings in msconfig I get "access denied, must be a member of administrator" when I am a member of administrator. I searched Google and there are posts about HP software and McAfee. I don't have HP software; I have McAfee, which was uninstalled but didn't make a difference. I still cannot change settings in msconfig... ANY IDEAS?

CCleaner lets me delete entries in 'start up' but 30 seconds later the entry is back. I even went into regedit and deleted it here but again, 30 seconds later, it's back. Malwarebytes was successful in deleting the siyipino.dll file after about 5 scans, and of course on PC startup I get the error that startup can't find the dll. There must be something else on the PC generating it but I am now at a loss where to go from here.

I also downloaded HijackThis and it too shows a reference to the dll, and when you delete it, 30 seconds later it's back. There must be another file / process running putting this entry back.

I am posting this in case anyone else gets a similar infection and can see what I used to fix it, but any ideas what I can use to find what is putting the entry back into msconfig / startup?

TIA

Guest nass
Posted October 16, 2008

RE: Vundo infection... nearly fixed.

"Teneo" wrote:
> After spending 2 days fixing a Vundo infection, Spybot and Malwarebytes helped
> clean it.
>
> Both give a clean bill of health but I have a little issue in MSCONFIG.
>
> There is an entry for Rundll.exe c:\windows\system32\siyipino.dll in
> msconfig.
>
> When I try to untick it and save settings in msconfig I get "access denied,
> must be a member of administrator" when I am a member of administrator. I
> searched Google and there are posts about HP software and McAfee. I don't
> have HP software; I have McAfee, which was uninstalled but didn't make a
> difference. I still cannot change settings in msconfig... ANY IDEAS?
>
> CCleaner lets me delete entries in 'start up' but 30 seconds later the entry
> is back. I even went into regedit and deleted it here but again, 30 seconds
> later, it's back. Malwarebytes was successful in deleting the siyipino.dll file
> after about 5 scans, and of course on PC startup I get the error that startup
> can't find the dll. There must be something else on the PC generating it but
> I am now at a loss where to go from here.
>
> I also downloaded HijackThis and it too shows a reference to the dll, and when
> you delete it, 30 seconds later it's back. There must be another file /
> process running putting this entry back.
>
> I am posting this in case anyone else gets a similar infection and can see
> what I used to fix it, but any ideas what I can use to find what is putting the
> entry back into msconfig / startup?
>
> TIA

You are still infected and you need to run a thorough scan.

See the other thread below yours, just started! Thread title: ewgmfxd.dll

HTH,
nass
---
http://www.nasstec.co.uk

Guest Mick Murphy
Posted October 16, 2008

RE: Vundo infection... nearly fixed.

Go into Safe Mode, and rerun your scans:

Important re: Safe Mode

If you happen to find a problem that you can't uninstall / delete, reboot the computer, and go into Safe Mode. To get into Safe Mode, tap F8 right at Power On / Startup, and use the UP arrow key to get to Safe Mode from the list of options, then hit ENTER. RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D while in Safe Mode.

Keys to find remnants of spyware:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

It could be in one or the other. Go into Run>regedit

--
Mad Mike

"Teneo" wrote:
> After spending 2 days fixing a Vundo infection, Spybot and Malwarebytes helped
> clean it.
>
> Both give a clean bill of health but I have a little issue in MSCONFIG.
>
> There is an entry for Rundll.exe c:\windows\system32\siyipino.dll in
> msconfig.
>
> When I try to untick it and save settings in msconfig I get "access denied,
> must be a member of administrator" when I am a member of administrator. I
> searched Google and there are posts about HP software and McAfee. I don't
> have HP software; I have McAfee, which was uninstalled but didn't make a
> difference. I still cannot change settings in msconfig... ANY IDEAS?
>
> CCleaner lets me delete entries in 'start up' but 30 seconds later the entry
> is back. I even went into regedit and deleted it here but again, 30 seconds
> later, it's back. Malwarebytes was successful in deleting the siyipino.dll file
> after about 5 scans, and of course on PC startup I get the error that startup
> can't find the dll. There must be something else on the PC generating it but
> I am now at a loss where to go from here.
>
> I also downloaded HijackThis and it too shows a reference to the dll, and when
> you delete it, 30 seconds later it's back. There must be another file /
> process running putting this entry back.
>
> I am posting this in case anyone else gets a similar infection and can see
> what I used to fix it, but any ideas what I can use to find what is putting the
> entry back into msconfig / startup?
>
> TIA

Guest Elmo
Posted October 16, 2008

Re: Vundo infection... nearly fixed.

Teneo wrote:
> After spending 2 days fixing a Vundo infection, Spybot and Malwarebytes helped
> clean it.
>
> Both give a clean bill of health but I have a little issue in MSCONFIG.
>
> There is an entry for Rundll.exe c:\windows\system32\siyipino.dll in
> msconfig.
>
> When I try to untick it and save settings in msconfig I get "access denied,
> must be a member of administrator" when I am a member of administrator. I
> searched Google and there are posts about HP software and McAfee. I don't
> have HP software; I have McAfee, which was uninstalled but didn't make a
> difference. I still cannot change settings in msconfig... ANY IDEAS?
>
> CCleaner lets me delete entries in 'start up' but 30 seconds later the entry
> is back. I even went into regedit and deleted it here but again, 30 seconds
> later, it's back. Malwarebytes was successful in deleting the siyipino.dll file
> after about 5 scans, and of course on PC startup I get the error that startup
> can't find the dll. There must be something else on the PC generating it but
> I am now at a loss where to go from here.
>
> I also downloaded HijackThis and it too shows a reference to the dll, and when
> you delete it, 30 seconds later it's back. There must be another file /
> process running putting this entry back.
>
> I am posting this in case anyone else gets a similar infection and can see
> what I used to fix it, but any ideas what I can use to find what is putting the
> entry back into msconfig / startup?

- ZA and some other software will block changes using MSCONFIG. Try running from Safe Mode and you might not get that error message.

- This will get rid of the entry in the registry. That way you won't have to run MSCONFIG in Diagnostic Mode to continue blocking the entry:

Click Start, Run, type REGEDIT, click OK. Press the Home key, press F3, type the name of the file into the search pane. Click "Find Next", and when located, delete the reference to the file. Press F3 to continue the search.

You can click File, Export, and save the entry to the Desktop. If you remove it and there's a problem, double-click the .reg file you exported to the Desktop and it'll be added to the registry again. You can create a restore point before editing the registry too.

You could click Start, Run, type MSCONFIG, click OK, click the StartUp tab, and deselect the item(s). When you restart the computer, you will be warned that you're running in the Diagnostic mode; click to not alert you again, and OK out. You won't see the message again. But I think it's best to just remove the references from the registry.

- Look for what others have suggested with this Google Groups search:
http://groups.google.com/groups/search?q=access+denied+msconfig&qt_s=Search

Don't click on a "post" with a random "Group" name, such as "Group: nd16o". They contain spyware.

--
Joe =o)
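
Added example (not part of any post in this thread): a PowerShell script that lists the values under the two Run keys named in the thread, flags rundll-style entries whose DLL is missing from disk, and then polls those keys to record when a deleted value is written back. The function name Get-RunEntry and the 5-second interval / 5-minute window are assumptions chosen for illustration.

```powershell
# Added example, not from the thread. Read-only: it never modifies the registry.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RunEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            $dll = $null
            # Matches e.g.  Rundll.exe c:\windows\system32\x.dll
            #          or   rundll32.exe "C:\path\x.dll",EntryPoint
            if ($cmd -match 'rundll(32)?(\.exe)?"?\s+"?([^",]+\.dll)') {
                $dll = $Matches[3].Trim()
            }
            [pscustomobject]@{
                Key       = $key
                Name      = $name
                Command   = $cmd
                Dll       = $dll
                # $false here means the startup entry points at a file that is gone
                DllExists = if ($dll) { Test-Path -LiteralPath $dll } else { $null }
            }
        }
    }
}

# 1) Current state: every Run value, with rundll targets resolved
Get-RunEntry | Format-Table Name, Dll, DllExists, Key -AutoSize

# 2) Watch for re-creation: report any value that appears after the baseline
$baseline = @(Get-RunEntry | ForEach-Object { "$($_.Key)|$($_.Name)" })
$deadline = (Get-Date).AddMinutes(5)      # assumed observation window
while ((Get-Date) -lt $deadline) {
    Start-Sleep -Seconds 5                # assumed polling interval
    foreach ($e in Get-RunEntry) {
        $id = "$($e.Key)|$($e.Name)"
        if ($baseline -notcontains $id) {
            '{0:HH:mm:ss} new Run value: {1} -> {2}' -f (Get-Date), $e.Name, $e.Command
            $baseline += $id
        }
    }
}
```

Delete the suspect value first, then start the script: the timestamp of the "new Run value" line confirms whether something is rewriting the key and at what interval, and it can be compared against the list of processes running at that moment.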