Results 1 to 2 of 2

Thread: Trojan infection resulting in "bad image" prompts

  1. #1
    aug Guest

    Default Trojan infection resulting in "bad image" prompts

    All,

    I am helping a user troubleshoot an issue and I'm not sure where to go next. He is running the latest released 2009 build on Vista x64. The realtime scanner would go nuts after boot up, but it continually followed a cycle where one by one it would attempt to quarantine/rename one detection after anoher but never did resolve the threat. I then deselected the option for ZA to run a startup and used malwarebytes. It managed to clean everything after a reboot, however he still gets prompts that gives the name of several applications that have "bad image" (i.e. wmplayer.exe.....Bad Image) at the top of the dialog. The rest of the message reads c:\windows\system32\d3d92323232323.......is either not designed to run on Windows or has an error......and so forth. Below is a portin of the MB log and was wondering if anyone knew of any repair options as opposed to system restore or complete image restoration?

    C:\Windows\System32\btpanui32.dll (Trojan.Tracur) -> Delete on reboot.
    C:\Windows\System32\avrt323232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\System32\azroles3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\System32\AzSqlExt32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\System32\AzSqlExt3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\System32\AzSqlExt323232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\System32\bidispl32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\System32\bitsperf323232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

  2. #2

    Default Re: Trojan infection resulting in "bad image" prompts

    Hi aug,

    1) Update both ZA scanner and MBAM.

    2) Next boot to Safe Mode...instructions are available here.
    http://www.computerhope.com/issues/chsafe.htm#03

    3) Run a full scan with both scanners, one at a time. Remove all that is found.

    4) Restart your computer and you will get back to Normal Mode.


    If the above steps do not rid you of the "bad image" prompts, then I do suggest you visit ONE of the following sites for help. Registration is necessary.
    Icrontic: http://icrontic.com/forum/forumdisplay.php?f=57
    PCHF: http://www.pchelpforum.com/new-hijackthis-logs/
    TechMonkeys: http://www.techmonkeys.co.uk/forums/...cbaa9cf3d7e09e

    If you will, request specifically for my assistance (chiaz) as I'm a security analyst on those forums.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •