Virus

Sandy_Claws - Sanctuary
Sandy_Claws - Sanctuary Posts: 13 Arc User
edited December 2013 in Support Desk
I have convinced a friend in question to download and play this game last year. She has received a brutal form of malware listed only as PUP (Potentially Unwanted Program). These are found with a Perfect World name. My friend lives out of state and is rather computer illiterate. She took her PC to a tech and he said Perfect World caused the virus. I am not sure how far he took the format, but everything seemed fine until she downloaded and installed PWI again (this was before ARC, I believe). After first play the PUP took root again. I then guided her over long tedious hours over the phone on how to fix her system (Windows 8 at that... I hate Win8). I was able to get her bug free and playing PWI without problems after the headache. During that venture, scans found a PUP that changed its file name to match PWI, giving the PUP somewhere safe to hide that would give it authority.

I do know that your download has never given me any form of malware. My friend's PC did have the PUP installed with the help of your program, even though it wasn't a direct act of your program.

Comments

  • LolaElv - Heavens Tear
    LolaElv - Heavens Tear Posts: 136 Arc User
    edited December 2013
    Thanks for this information... I wish PWI were aware of this issue!
    Poisonous Crew
  • SylenThunder - Twilight Temple
    edited December 2013
    I'd like to see evidence of how this happened. I'd be willing to bet that the information you've been given about PWI being the "cause" is bogus. The client is known to give false positives, and has been known to do so since before 2008.

    Get the specifics on the PUP also, and how they downloaded the client.
  • Salari - Raging Tide
    Salari - Raging Tide Posts: 2,102 Arc User
    edited December 2013
    It may not be the download itself that is the problem. The site could very well have been hit with an attack, or another site that PWE links to (ads, etc.). I had this happen before from Yahoo, MSN and many others. In those situations an ad server got hit by a css attack and was inserting malware through the browser.

    Then again, without knowing everything the person did leading up to downloading the game, the question can't be answered. He said, she said doesn't work when figuring out a problem like this.

    Was it one of the PW game exe's, or what exact file was it?
    Marine - Marshall - Raging Tides - Retired
  • Sandy_Claws - Sanctuary
    Sandy_Claws - Sanctuary Posts: 13 Arc User
    edited December 2013
    I edited my first post considerably. There were 2 friends, but 1 is unwilling to compromise or learn what to do and has resorted to abandoning her PC and using her laptop...

    The friend who received a PUP was an older matter that I remedied myself, but never addressed the problem here. I have not seen that friend in many months and do not have the log file on the PUPs I had to remove.

    Knowing this, I literally have nothing to show you from either person. Still I do not find it a bad idea to address the situation in case someone comes across the same thing.

    Also, I am being accused in previous post of claiming the download of PWI for this. Those were never my words and instead the lack of reading my first post.

    My statement is that a PUP hid itself with a PWI file name, trying to avoid detection and work its wonders. It was a while ago, but I believe I had to remove a rootkit before I could fully remedy the situation with that PC. It was just a dormant virus, I believe, until PWI was installed. I don't know what's going on with my other friend, but I can't find out if she's not willing to.

    This post is just me stating all I can remember from the past about the first incident. Never was it a claim about a malware infested download...

    The download from my first friend was a browser download. That's all the info I can remember in that area.

    Not looking for answers, as I cannot give you the info to give one. It's now on record as happening in some form.
  • SnarledHeal - Morai
    SnarledHeal - Morai Posts: 1 Arc User
    edited December 2013
    Every time I start up my PWI launcher it says I got a Trojan horse from some file named packdll.dll. Now I dunno if this is really a Trojan horse or whatever, but like 3 months ago I didn't have this problem.
    Thanks in advance

    -Snarl
  • Sandy_Claws - Sanctuary
    Sandy_Claws - Sanctuary Posts: 13 Arc User
    edited December 2013
    I would suggest at least trying to identify anything out of the ordinary on your PC. Most viruses are executable files, but that doesn't mean a virus can't be something else.

    I would recommend googling these 2 products: TDSSKiller from Kaspersky, and Malwarebytes. I would also suggest SuperAntiSpyware, but I have heard that they have changed how it works recently and it takes the form of an AV now. Not sure, but 2 constant AVs will only make things worse.

    Anyway, the first 2 are some good scanners that find what your AV cannot. If you come back to this thread, please follow a few steps to ease your mind.
    Before that though... I am just assuming you are using Windows OS.
    Save all your scan log files that show anything. They could be false positives, meaning you don't want to remove them, but they could be pretty nasty and need immediate action.
    1. Update your AV and run a full scan.
    2. Download and install the 2 programs I mentioned above and update them.
    3. Disconnect from your network (if you are using an ethernet cord, just unplug it).
    4. Run the TDSSKiller scan to search for any rootkits.
    5. Boot up in safe-mode and run a Malwarebytes full scan (a secondary spyware scanner would also be nice to have and run here).
    6. Boot up in normal viewing mode, run TDSSKiller once more if you found something the first time in either scan.
    7. Run Malwarebytes and preferably a second spyware scanner, full scans. Run your AV scan once more.
    8. You may have to also delete Internet Explorer and reinstall it if you have a harmful .dll file.

    There is a scan that works tightly with IE, but I am at a loss of memory on the name of it currently.

    If you ever believe you have a virus, it's worth taking steps 1-7 at the time you notice it.

    FYIs: removing yourself from the network can help stop the spread of a harmful virus while infected.
    Safe-mode runs without starting your programs in Windows. Ideally, while in safe-mode, you are scanning your drivers and basics for infection before programs get to them.
    Many viruses move like a spider's web. They only need your command to set root (whether you know you gave that permission or not); from there it can spread like fire if left unattended.
    Be wary of "friends". With one friendly e-mail, one can literally take control of your computer.
  • SylenThunder - Twilight Temple
    edited December 2013
    You forgot the part about excluding the client from scans.
    Because a lot of security software will find FALSE positives on the client.
  • Sandy_Claws - Sanctuary
    Sandy_Claws - Sanctuary Posts: 13 Arc User
    edited December 2013
    A lot of programs can cause false positives. Since the OP is about a PUP virus that hid itself with a PWI file name, I see no reason to recommend not scanning anything without quite a bit of info. For all we know, this guy could have borrowed someone's external HD to install PWI with added files.

    Save scan logs, research anything you are unsure of. Get help if needed.
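
Added example, not part of the thread and not Perfect World's own tooling: one way to collect evidence on the "file that reuses a client file name" case discussed above. It lists files outside the client's install directory that carry the name of a client binary and reports whether their SHA-256 matches the installed copy. The install directory, the search roots and the suffix list are assumptions supplied by whoever runs it.

```python
import hashlib
import json
import sys
from pathlib import Path

# Assumption: file types worth comparing; extend as needed.
EXEC_SUFFIXES = {".exe", ".dll", ".sys"}

def sha256_of(path):
    """Hash a file in chunks so large client files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def find_name_collisions(install_dir, search_roots):
    """List files outside install_dir that reuse the name of a client binary."""
    install_dir = Path(install_dir).resolve()
    client = {}  # lower-cased file name -> set of hashes seen in the install
    for p in install_dir.rglob("*"):
        if p.is_file() and p.suffix.lower() in EXEC_SUFFIXES:
            client.setdefault(p.name.lower(), set()).add(sha256_of(p))
    findings = []
    for root in search_roots:
        for p in Path(root).resolve().rglob("*"):
            name = p.name.lower()
            if name not in client or install_dir in p.parents or not p.is_file():
                continue
            try:
                digest = sha256_of(p)
            except OSError as exc:  # locked or unreadable: record it, do not skip silently
                findings.append({"path": str(p), "sha256": None, "error": str(exc)})
                continue
            findings.append({"path": str(p), "sha256": digest,
                             "same_content": digest in client[name]})
    return sorted(findings, key=lambda f: f["path"])

if __name__ == "__main__":
    # Usage: python collisions.py <client install dir> <root to search> [more roots]
    report = find_name_collisions(sys.argv[1], sys.argv[2:])
    print(json.dumps(report, indent=2))  # redirect to a file to keep it as a log
```

A copy with `same_content` true is most likely a backup or second install; a file that borrows a client name but has different content is the one to research alongside the scanner logs before deleting or excluding anything.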