Posts Tagged ‘Virus’

BackgroundContainer.dll “not found” – How to fix

Monday, October 21st, 2013

On startup in a Windows PC if you get “The specified module not found … BackgroundContainer.dll”, this is what to do step-by-step.

The error is most likely caused by a computer virus infection so you must clean your system first…

1. Download ComboFix: ComboFix from Bleeping Computer and save it to your desktop.

2. Restart your computer in ‘Safe Mode’ (hit the F8 repeatedly as soon as the computer starts and select “safe mode with networking”

3. Run ComboFix in ‘safe mode’ (if you are on a Windows XP computer it may prompt you to install the Windows Recovery Console, this is normal) and let it finish all 50 stages.

4. After ComboFix has finished scanning restart your computer normally.

5. Download AutoRuns AutoRuns from Microsoft Technet (it is in a .zip file)

6. Extract AutoRuns from the .zip file to your deskstop and double-click autoruns.exe, this will launch AutoRuns.

7. In AutoRuns, select the “everything” tab in the main window, then go to “File” / “Find” and enter BackgroundContainer.dll in the dialog box.

8. Right-click on the BackgroundContainer.dll entry that AutoRun finds and select “delete”

9. Restart your computer.

This should resolve the annoying BackgroundContainer.dll startup error. Good luck!

Fake Anti-Virus Popups – This Is A Virus

Sunday, September 26th, 2010

I get a lot of experience removing computer viruses as a computer repair technician but rarely do I get to see a virus actually infect a computer “in the wild”. Two days ago my main computer, which is a fully updated Windows 7 PC with up-to-date antivirus, was infected by a drive-by virus (specifically the very nasty TDSS rootkit virus). The following is how the virus infected the computer and how I removed it.

I was downloading a file from Megaupload and another browser window popped open and started playing a video. The popup browser windows looked innocent enough but when I went to close it a warning dialog telling me to install up-to-date antivirus software immediately showed up in my system tray.

The best thing is that the warning misspelled the word Unauthorized as Unauthosrized:
fake anti-virus warning popup

Then I started getting a fake Windows Security Center window warning me that my computer had no anti-virus software installed:
fake security center popup

The virus begins with a trojan virus that installs itself into the c:\Users\Username\AppData\Local\Temp directory. The trojan then downloads many more infected files including a rootkit that is set to install itself as soon as you reboot your computer.

Here is the actual trojan file that installed itself:
popup virus identified

I immediately ran a full scan using Malwarebyte’s Anti-Malware which detected quite a few infected files (including the persistent TDSS rootkit) that the trojan attempted to install onto the computer.

This is what Malwarebytes detected and removed:
anti-virus popup virus removed

After I ran Malwarebytes I rebooted the computer, ran Malwarebytes again (it caught a few more infected files that tried to re-install themselves) and then I ran a full scan using AVG Free Anti-virus.

If you follow the above steps immediately after an infection you should be able to remove this virus with no problems.

Good luck!