When I boot up my computer (a Dell Inspiron 530s running Vista Home Premium)
two error messages pop up. They both say RunDLL at the top and say this in
the middle:

C:\Users\Isaac\AppData\Local\Temp\(in here one says ddaby.dll and the other
says awtss.dll)
The specific module could not be found.

Should i be worried about this? If so, how do i get rid of it?

vakama380 wrote:

When I boot up my computer (a Dell Inspiron 530s running Vista Home
Premium) two error messages pop up. They both say RunDLL at the top and
say this in the middle:

C:\Users\Isaac\AppData\Local\Temp\(in here one says ddaby.dll and the
other says awtss.dll)
The specific module could not be found.

Should i be worried about this? If so, how do i get rid of it?

The ddaby.dll is part of the nasty Virtumonde malware and the awtss.dll is
part of the WinFixer malware. If you have already cleaned up your machine
then references to these files were left in Startup. If you have *not* done
extensive malware removal, then you need to do so.

Go to the BleepingComputer site below and look up how to remove Virtumonde
and WinFixer. You might also want to review my general malware removal
steps at the link that follows BleepingComputer. Or just register at
BleepingComputer to get guided help.

http://www.bleepingcomputer.com/forums/forum55.html
http://www.elephantboycomputers.com/...moving_Malware

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!

"Malke" wrote:
If you have already cleaned up your machine then references to these files were left in startup.
Can i remove them from startup?

vakama380 wrote:



"Malke" wrote:
If you have already cleaned up your machine then references to these files
were left in startup.
Can i remove them from startup?

You can try but if you haven't cleaned up your machine per the links I
already gave you the malware is just going to respawn. Simply removing
those particular .dlls from Startup on an infected machine is going to do
diddly-squat.

However, here is information on managing your Startup:

Start OrbStart Search boxmsconfig [enter]

If you are prompted for an administrator password or for a confirmation,
type the password, or click Continue. Then see what is on the Startup tab.
You don't need to restart immediately, but the next time you do you'll get
a dialog saying you've used the Utility. Usually in Vista this will be
blocked by Windows Defender and you'll need to allow it so you can then
tick the box that says in effect, "don't bother me about this again".

Important - Do not use the System Configuration Utility to stop processes.
Instead, use StartRunservices.msc [enter] and do not stop any services
unless you really, really know what you're doing.

The free Autoruns program is very useful for managing your Startup -
http://www.microsoft.com/technet/sys...s/default.mspx - Autoruns


Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!

"Malke" wrote:


If you are prompted for an administrator password or for a confirmation,
type the password, or click Continue. Then see what is on the Startup tab.
You don't need to restart immediately, but the next time you do you'll get
a dialog saying you've used the Utility. Usually in Vista this will be
blocked by Windows Defender and you'll need to allow it so you can then
tick the box that says in effect, "don't bother me about this again".

This is very confusing to me. First of all, am I just supposed to look at my
startup, or am I supposed to disable the rundll programs. Secondly, I need to
allow what? To tick what box? Please help as I am quite confused.

vakama380 wrote:



"Malke" wrote:


If you are prompted for an administrator password or for a confirmation,
type the password, or click Continue. Then see what is on the Startup
tab. You don't need to restart immediately, but the next time you do
you'll get a dialog saying you've used the Utility. Usually in Vista this
will be blocked by Windows Defender and you'll need to allow it so you
can then tick the box that says in effect, "don't bother me about this
again".

This is very confusing to me. First of all, am I just supposed to look at
my startup, or am I supposed to disable the rundll programs. Secondly, I
need to allow what? To tick what box? Please help as I am quite confused.

You are supposed to first ensure that your computer is virus/malware-free. I
don't believe you've done that. Of course I don't know that for certain,
but it's an educated guess.

As I told you in my very first post, if you don't understand any of this -
and there's no shame in admitting this isn't your cup of tea - take the
machine to a computer professional for cleanup/repair. There's really
nothing else that can be done for you by someone who can't work with your
computer directly.

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!

"Malke" wrote:

vakama380 wrote:



"Malke" wrote:


If you are prompted for an administrator password or for a confirmation,
type the password, or click Continue. Then see what is on the Startup
tab. You don't need to restart immediately, but the next time you do
you'll get a dialog saying you've used the Utility. Usually in Vista this
will be blocked by Windows Defender and you'll need to allow it so you
can then tick the box that says in effect, "don't bother me about this
again".

This is very confusing to me. First of all, am I just supposed to look at
my startup, or am I supposed to disable the rundll programs. Secondly, I
need to allow what? To tick what box? Please help as I am quite confused.

You are supposed to first ensure that your computer is virus/malware-free. I
don't believe you've done that. Of course I don't know that for certain,
but it's an educated guess.

As I told you in my very first post, if you don't understand any of this -
and there's no shame in admitting this isn't your cup of tea - take the
machine to a computer professional for cleanup/repair. There's really
nothing else that can be done for you by someone who can't work with your
computer directly.

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!

I fogot to tell you that I ran a vundo scan that I got from BleepingComputer
after searching for Virtumonde. It came up with a thread that said "How To
Remove Winfixer / Virtumonde / Msevents / Trojan.vundo.b" and the scan file
was on there. I searched and it came up with nothing. Sorry for not telling
you and probably getting you frustrated by thinking I was being dumb or
something.

"Malke" wrote:

vakama380 wrote:



"Malke" wrote:


If you are prompted for an administrator password or for a confirmation,
type the password, or click Continue. Then see what is on the Startup
tab. You don't need to restart immediately, but the next time you do
you'll get a dialog saying you've used the Utility. Usually in Vista this
will be blocked by Windows Defender and you'll need to allow it so you
can then tick the box that says in effect, "don't bother me about this
again".

This is very confusing to me. First of all, am I just supposed to look at
my startup, or am I supposed to disable the rundll programs. Secondly, I
need to allow what? To tick what box? Please help as I am quite confused.

You are supposed to first ensure that your computer is virus/malware-free. I
don't believe you've done that. Of course I don't know that for certain,
but it's an educated guess.

As I told you in my very first post, if you don't understand any of this -
and there's no shame in admitting this isn't your cup of tea - take the
machine to a computer professional for cleanup/repair. There's really
nothing else that can be done for you by someone who can't work with your
computer directly.

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!

Also, I think i just got what you were saying.