DLL Error when booting

[ben]

when booting pc get error message "error loading
windows\system32\tbixqgxi.dll could not be found". When clicking ok error box
disappears and pc appears to work ok. Used search and file was not found
anywhere.

Any ideas?

Thanks,

ben

 

[Leonard Grey]

Malicious software ("malware") is installed on your computer.

Make sure that your anti-malware software is running, then download the
latest updates and run a full scan.

Effective anti-malware software starts automatically when your computer
starts, runs continuously in the background, and scans for all types of
malicious software. Without it, you're a sitting duck.

For now try scanning your system with /several/ of the better online
scanners, such as the scanner from Kaspersky Labs:

http://usa.kaspersky.com/products_services/free-virus-scanner.php

Download HijackThis from www.trendsecure.com. Run it, save a log, and
post the log at one of the many sites that support HJT, such as
spywarewarrior.com, bleepingcomputer.com, and http://aumha.net -- but
not here. Within a day you'll have step-by-step advice from an expert on
cleaning up any malware infestations.

Even the best detection and removal software can't fix every problem
caused by malware. If you are not able to remove the infection, you may
want to show the computer to a professional. You might need to erase
your hard drive and start over.

 

[Elmo]

when booting pc get error message "error loading
windows\system32\tbixqgxi.dll could not be found". When clicking ok error box
disappears and pc appears to work ok. Used search and file was not found
anywhere.

Any ideas?

Thanks,

ben

It's possible some malware was deleted by your a/v software, but the
reference to the file was not removed from the registry.

Click Start, Run, type REGEDIT, click OK. Press the Home key, press F3,
type the name of the file into the search pane. Click "Find Next", and
when located, delete the reference to the file. Press F3 to continue
the search.

You can click File, Export, and save the entry to the Desktop. If you
remove it and there's a problem, double-click the .reg file you exported
to the Desktop and it'll be added to the registry again. You can create
a restore point before editing the registry too.

You could click Start, Run, type MSCONFIG, click OK, click the StartUp
tab, and deselect the item(s). When you restart the computer, you will
be warned that you're running in the Diagnostic mode; click to not alert
you again, and OK out. You won't see the message again. But I think
it's best to just remove the references from the registry.

 

[LURKER]

when booting pc get error message "error loading
windows\system32\tbixqgxi.dll could not be found". When clicking ok error box
disappears and pc appears to work ok. Used search and file was not found
anywhere.

Any ideas?

Thanks,

ben

When you see a *.dll in system32 that seems to be named with random characters, you have been, or most likelyare now
infected.

If it is missing, probably one of your anti virus / malware MAY have removed it, but not the HKLM "RUN" (or other
method of launching}. There are several trojans/Malware using the technique that "Every time you shutdown, they create
a clone of the *.DLL(s) with a new random name, then set in the registry one of several methods to launch it when the
machine restarts.

Some antivirus and anti-Malware tools can find them, but cannot successfully remove or quarantine them. After removal,
they start up again in seconds.

How to find out if you are infected:

Command prompt method is often best because some times they have attributes S and H set.

Command Prompt...
CD to
C:\WINDOWS\system32>

To see if any are hidden:
do command
DIR /Ash *.*
Handle then appropriately with the attrib command
ATTRIB -s -h [name of file]

Next...
dir *.dll /od

Long wait writing to screen. There are lots of file that will display as it sorts by date.



Sometimes you can see them with the Windows File Explorer.

View the ...\System32 files and sort by date. Look for "strange" named DLL, TMP, INI and DAT files with recent dates..

Note:
wpa.dbl is a critical Microsoft file that has recent date, often today's date.

If you have several of the strange named files, you have been infected for a while, and every time you reboot, you may
get a new one.

If you google the name, you usually get no hits, or no useful information at all on the name.

My experience is that these are extremely difficult to remove. That's why your antvirus may tell you it was removed.
It simply is back under a new name, or sometimes the same name. I usually find three of them that seem to be "dancing
together".


lurker