1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Virus in Roaming folder - PLEASE HELP!

Discussion in 'Virus & Other Malware Removal' started by MissMarieTM, Aug 5, 2010.

Thread Status:
Not open for further replies.
  1. MissMarieTM

    MissMarieTM Thread Starter

    Aug 5, 2010
    Hey there!
    Let me begin by saying I have Windows Vista, 32 Bit, Antivirus is Avast! Home.
    I was browsing the web today, looking at Geek furniture, (Honestly. I run a blog for geeks) and my Antivirus warned me when I visited a particular page, that a threat was found. I'm not sure if this was the cause, or if the problem was already there. Here's what's going on:

    After my computer slowing down VERY NOTICEABLY, on any program or process, I decided to reboot. When it started back up, it gave me the following error: "C:\Users\Aaron\Appdata\Roaming\Forfilesd.dll - Cannot be loaded, has a virus." So the first thing I did, was shut my computer off once again, and run System Restore. Not sure if that was the best thing to do, but it's been done. I restored it to two days ago, and rebooted. The same file error came up. So then I ran my Antivirus, specifically into the Roaming folder, and it came up clean. Now the dll file is currently in the Virus Chest of my Avast, and thus why I believe the Roaming folder came up clean. But my system is slowing to a crawl, and it is (of course) giving me the same error that the dll cannot be loaded every time I reboot. It is reading it as a Windows32 Malware-Gen. How do I fix this? How do I restore the file? Please help! :(
  2. CatByte

    CatByte Malware Specialist

    Feb 24, 2009

    Please do the following:

    Please download MBRCheck.exe to your desktop.
    • Be sure to disable your security programs
    • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
    • A window will open on your desktop
    • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
    • If nothing unusual is found just press Enter
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
    • Please post the contents of that file.


    Please download DDS from either of these links

    LINK 1
    LINK 2

    and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.pif to run the tool.
    • When done, two DDS.txt's will open.
    • Save both reports to your desktop.
    Please include the contents of the following in your next reply:



    Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
    • Double click the exe file.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.

      Click the image to enlarge it
    • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and attach it in reply.

    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/940992