Hello, I have just bought my friends Acer Asipre 3600 laptop, and when I was done cleaning all the viruses out, a message popped up on startup saying, "Error loading C:\Windows\system32\icijfapv.dll
The specific module could not be found".
I've searched the web and found nothing, I also searched missing-dll.com and places like that. Still no luck
Seeing as there is no information on the internet available for this file I reckon it's probably one of the viruses that you cleaned out but it seems to be linked to the system.
All I can suggest is that you do a search through all your startup files (registry, services etc) for any reference of this file and then delete it.
Have you got a copy of HiJackThis?
[edit] It may well be worth formatting and starting a fresh after such a big infection. [/edit]
Not a dll I'm familiar with either to be honest. Since it's from a third party I'd consider the laptop to have been compromised in the past, and without knowing what state it was in and is in now, I'd personally wipe it and start from scratch.
whatever it is its not part of windows otherwise google would be able to find something on the name
with a used pc id advice you to always format the harddrive and reinstall windows as the first thing to do after buying... in fact id recomend to do the same with a new pc as well
Sounds like the remnants of the LOPvirus or variant/
Simple fix is edit the registry, you'll find it in [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
it some form of ADhijack afiak, i had problem with a machine just this last week with the same thing.
It looks like you have killed the virus but have traces of functions of its operating proccedure.
As to you others, I cannot reformat because my friend doesn't have the CD anymore
EDIT: HijackThis log
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:21:55 PM, on 2/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal
Have you tried searching the entire registry for any reference to that file?
Also I recommend you download a copy of HijackThis. When you run the scan it will show you a list of your startup programs. Have a look down the list and see if you can see the file and then just delete it.
[edit] ooooh that log weren't there before lol [/edit]
[edit2] bloody hell. look at all that crap on startup! [/edit2]
[edit3]
all the ones that say (file missing) at the end, you are safe to delete. The one your looking for is here, O4 - HKLM\..\Run: [1d0f117a] rundll32.exe "C:\WINDOWS\system32\icijfapv.dll",b
You should be able to find it in the registry at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curre ntVersion\Run
[/edit3]
As long as you have the COA sticker on the laptop, then having or not having the CD is irrelevant. You can get the installation media from various locations, both dodgy and not dodgy, including Microsoft themselves (if you have access to msdn).
It's the licence that is important, not the CD.
There are various methods you can use to try and clean the PC, if you dont want to start from scratch;
* Ditch the AVG and Symantec/Norton AV, having them all is a bit mad
* Use SmitFraudFix to check the basics for infection
* Run through Trend Micro's housecall to pick up anything that might be inactive and straggling (yes, it's browser based, but it's the next best step)
* Get ahold of someone's installation CD and then run sfc /scannow, which will check and rewrite any system files that do not match the installation CD, but will not wipe the thing completely. You will have to redo all the updates
* Check every running process either using ProcessMon, or various other tools and confirm their validity using md5/sha1 hashes, if the producer makes them. If not remove them, ensure all files and entries are gone and then install them.
I'd suggest removing btdna, winwall and stardock as it is known that there have been iffy copies floating about from time to time, which contain crap. Whether or not you reinstall them from a trusted source, it's up to you, naturally
Update: did some research on it, and someone on another forum suggested that I look thought the registry editor. I looked through the registry editor and I saw, "1d0f117a". Did a search on that, and found it was left over spyware. Thanks for all your help everyone!