Rundll32 trojan AtBroker.exe SHELL32.dll Black Screen on boot

Thanks. Some trial & error but I recovered my system. Below is the method I used, not requiring a Windows disc nor recovery USB.

O/S Windows 7 Professional. 2 user accounts: 1x Administrator,  1x Non-Admin (set to launch into this account)

Boot to Advanced Boot Options [F8]
None of the Safe Modes worked for me, nor Last Known Good Config. Safe Mode with Command Prompt got to DOS but only into the Non-Admin account from which sfc cannot be run

Select Repair Your Computer
Select keyboard region
This allows you to enter an administrator account via password
Choose Select Command Prompt option

This led to X:\windows\system32 directory…running sfc from here works but does not resolve the issue because sfc needs to run on the drive containing Windows
The drive naming convention is different here than usual under a running O/S.  Find the Windows location by entering d:[ENTER], then DIR[ENTER]…look for <DIR> Windows & <DIR> Users in the file list
If you don't see it then try E:[ENTER], then DIR[ENTER] look for the same, then F:, etc…the right one will depend on how many physical drives are connected…in my case E: is my "C Drive" containing Windows

key:
sfc[SPACE]/scannow[SPACE]/offbootdir=e:[SPACE]/offwindir=e:\windows…replace "e" with the drive you identified above, [SPACE] is the space bar not the words

This still gave an error "Windows Resource Protection found corrupt files but was unable to fix some of them. Details are in the CBS.log windir\logs\CBS\CBS.log.", but I closed the DOS box, clicked Restart & my system came up.
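
The drive search and offline sfc run described in the post above, as an added example that is not part of the original thread. It assumes the recovery Command Prompt, a Windows volume mounted somewhere between C: and K:, and passes `/offbootdir` with a trailing backslash as in Microsoft's sfc documentation; the variable name WINDRV is made up for the example.

```bat
@echo off
rem Added example, not from the original post.
rem Run from the recovery environment Command Prompt, where X: is the
rem recovery RAM disk and the installed Windows may not be on C:.

set "WINDRV="

rem Check each candidate letter for the two markers the post looks for
rem with DIR: a Windows folder (here, its SYSTEM registry hive) and a
rem Users folder. X: is deliberately left out of the list because the
rem recovery image has its own \Windows tree.
for %%D in (C D E F G H I J K) do (
    if not defined WINDRV if exist "%%D:\Windows\System32\config\SYSTEM" if exist "%%D:\Users\" set "WINDRV=%%D:"
)

if not defined WINDRV (
    echo No offline Windows installation found on C: through K:
    exit /b 1
)

echo Offline Windows installation found on %WINDRV%

rem Point System File Checker at the offline installation instead of
rem the recovery image it would otherwise scan.
sfc /scannow /offbootdir=%WINDRV%\ /offwindir=%WINDRV%\Windows
```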

Hello Dean,

I appreciate your patience in this matter.
Yes, this was False Positive detection.
I recommend you to use the Windows installation media to repair Windows boot.

Hello Dean,
I'm sorry to hear about this, please share a screenshot of the error message to assist you further. You can check the following link to see the instructions about taking the screenshot (http://support.avg.com/SupportArticleView?urlname=How-to-create-a-screenshot).
Best regards,
Alok.

I ran a virus scan today following multiple trojan infection warnings on rundll32. AVG asked to reboot following the scan, but during boot shows a windows error box for AtBroker.exe   "The program can't start because SHELL32.dll is missing from your computer. Try reinstalling the program to fix this problem". If I OK through that, the same error appears again but for explorer.exe, upon which the screen is black.  CTRL-ALT-DELETE allows the menu to select Start Task Manager,  but selecting that shows the same SHELL32.dll error but for taskmgr.exe. I tried powering off and booting via F8 to Safe Mode With Networking...but exactly the same sequence as above happens, I also tried booting to Last Known Good Configuration, and again the same sequence of errors appears. How can I restore the SHELL32.dll file which seems to have been removed by the AVG Scan?

Hello Dean,
What happened to your computer is really unfortunate. At this point there is one more thing which we can try, you can use AVG Rescue CD to recover your computer to boot or allow normal operation. Please follow the instruction (http://support.avg.com/SupportArticleView?urlname=How-to-use-AVG-Rescue-CD) to run AVG Rescue CD and also I have escalated this case to our senior team, we will contact you once we receive a reply or in need of more information.
Best regards,
Alok.

Hello Dean,

We appreciate your immense efforts that you implemented in recovering your system.
Thank you for sharing the work-around here which would help other customers who are facing the same issue.
Please feel free to contact us if there are any issues with AVG.
Have a nice day!!!

Hi I burned a rescue disc but on booting it just hangs at the bios check showing ISOLINUX 6.02 2013-10-13 ETCD . Enter doesn't do anything. Are there keyboard entries I should make?

Safe mode with command prompt worked for me. I still got the error when I logged in, but the DOS prompt still popped up and I did sfc /scannow

I don't think so,  there are multiple users reporting AVG false positives on system files then bricking on rebooting in the same way. It's caused by AVG pushing out an upgrade from Av16 to Av17. Waiting for tech support to resolve