Thread: [ROOTKIT INFECTION] PUP.BitMiner: kwrd.dll

  1. #1

    [ROOTKIT INFECTION] PUP.BitMiner: kwrd.dll

    I got put on family tech support for a nasty rootkit infection (I speak only from Google searching) on my cousin's computer. After we removed a swath of other infections, MalwareBytes picked up kwrd.dll, which I've found several threads about across the Internet. Figured I'd come back here since many of them mentioned the same cocktail of anti-malware software I used on my last rootkit problem.

    The computer in question is a Dell Inspiron notebook running Windows 7. The symptoms are as follows:
    - Before we started running MalwareBytes on it, it was redirecting her pages on Internet Explorer and changing her home page.
    - Even when MalwareBytes removes kwrd.dll, it reappears later.
    - Computer will not boot normally anymore. Most of the time, it went Dell screen, Windows screen, then restarts, then Dell screen, then it says it didn't boot properly and asks if I want to Launch Startup Repair or Start Windows Normally. Occasionally, I could get through to Safe Mode. It took a lot of restarting and a little bit of luck.

    I did try the Startup Repair option. It sat there doing what seemed like nothing for a while. I declined the System Restore option at first but eventually gave it a shot. It, again, didn't seem to do anything at first, but I ended up going three hours back. I tried removing things again, and the same problem happened.

    I've run MalwareBytes again. The only infected file it found was kwrd.dll. I restarted the computer, and now I can't even get it to boot in Safe Mode. It keeps giving me this message: "STOP: c0000135 The program can't start because %hs is missing from your computer. Try reinstalling the program to fix this problem." I'll keep trying, but for the time being, I can't get any logs for you.

    EDIT (12/26/11, 5:07 am EST): A little Google searching later, I've come to find that the above BSOD message is caused by AVG anti-virus, which my aunt had insisted we install on the computer before it completely bugged out. I've been following the steps to counter this with AVG's Rescue Disc (http://forums.avg.com/ww-en/avg-foru...=show&id=94159), but I can't get the file renaming step to happen. In other threads, people have vaguely recommended some other rescue discs, but I'm operating pretty blindly as it is.
    Last edited by KamikazeKarrot; 12-26-2011 at 01:49 PM.
