Monday, November 23rd 2009, 2:28am UTC+1

Date of registration:
Oct 17th 2009


Version: AntiVir Personal



1

Monday, November 2nd 2009, 11:42pm

Avira missed a lot of trojans and backdoors

I did a scan with Vipre rescue after suspecting issues with Avira installed. I have a copy of it if you would like me to send it. I would like to see it gone over and figure out what went wrong. Let me know how to proceed.

Date of registration:
Oct 17th 2009


Version: AntiVir Personal



2

Tuesday, November 3rd 2009, 3:09am

re other errors happening, things fail to open or denied access

At startup I am getting denied access windows for nvqtwk.dll, powirimu.dll, sayadaso.dll and iedkcs32.dll. When I try to open anything in control panel I get an error message that says "error loading c:\windows\system32\shell32.dll access is denied" in a small window marked "rundll". I also get one small window saying "no language support". The computer is becoming less usable. I used Vipre rescue and have the file with the names of what was found etc. I need to get this computer back up soon. Thanks

This post has been edited 2 times, last edit by "KestrelVt" (Nov 3rd 2009, 3:17am)


Lacrimosa

Community member

Date of registration:
Jul 31st 2009


Version: Avira Prem. Security Suite


Operating System: Windows Vista SP2


Location: Wisconsin, United States



3

Tuesday, November 3rd 2009, 3:25am

Hello :)

It sounds like you are badly infected. Please download Malwarebytes and run it in Safe Mode. Also do a scan with Avira in Safe Mode.

Date of registration:
Oct 17th 2009


Version: AntiVir Personal



4

Tuesday, November 3rd 2009, 7:59pm

ongoing issues

I actually ran 5 different scans in safe mode and removed 56 instances of infection. I still have 2 issues: first, on startup I get a window saying no language support, and I cannot enter anything in control panel and get the message error loading "c:\windows\system32\shell32.dll" access denied.

I did see reg keys in the log that referred to shell but cannot tell from it what should or should not be there. They no longer exist in the registry.


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload\SSODL 1, ID: 4390914, Name: AdWare.Win32.Virtumonde.z, Category: Adware (General)
HKEY_USERS\.DEFAULT\software\microsoft\windows\currentversion\policies\shell\
[THREAT] Item: HKEY_USERS\S-1-5-21-1914450345-4083798302-3962937336-1005\software\microsoft\internet explorer\main\Search Bar 1, ID: 44478, Name: Trojan-Downloader.Zlob.Media-Codec, Category: Trojan Downloader

HKEY_USERS\.DEFAULT\software\policies\microsoft\internet explorer\control panel\

HKEY_USERS\S-1-5-21-1914450345-4083798302-3962937336-1011\software\microsoft\windows\currentversion\explorer\user shell folders\New\

It looks like these are related to the issue but not sure.


I have 2 customers that use Avira and I am not very familiar with it. I have about 65 that use Vipre and am used to it. It looked like the Avira scanned but did not catch the batch of trojans and viruses. It showed catching 1 each day every few and quarantining it but nothing more. It has been updating ok.

Thanks K

This post has been edited 2 times, last edit by "KestrelVt" (Nov 3rd 2009, 8:06pm)


AlfaMS

Community member

Date of registration:
Mar 3rd 2007


Version: Avira Prem. Security Suite


Operating System: Vista Home Premium SP2


Location: Münster



5

Tuesday, November 3rd 2009, 9:33pm

AntiVir cannot surpass a prior rootkit and/or backdoor infection when that malware simply has put a lock on further detections in the registry, for example. Simple as that.
In cases like this I for one would really recommend a new start, i.e. a format c: and a re-install of the OS with all the updates and service packs available. That system in question to me seems to be heavily compromised, and I would not trust it. Full stop.