Jump to content

tropicalexplorer

Members
  • Posts

    1
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Not sure if this question belongs here... Starting up my PC I get this rundll error "error loading c:\windows\system32\pujawewo.dll the specified module could not be found." This error started after running anti-malware and cleaning trojans as noted in the log below. To correct the problem, I go into regedit and tried to remove that registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pukosugove" which value is Rundll32.exe "C:\Windows\system32\pujawewo.dll",s After deleting this key, several seconds later the registry entry reappears...not sure why I cannot remove it. I tried renaming it, changing the data value and nothing works (even checked my permission level and I could delete other registry key values with no problems)...it keeps returning so every time I startup my pc that rundll error occurs...can someone please help? My anti-malware log is as follows: Malwarebytes' Anti-Malware 1.30 Database version: 1433 Windows 5.1.2600 Service Pack 3 11/28/2008 8:18:39 PM mbam-log-2008-11-28 (20-18-39).txt Scan type: Full Scan (C:\|) Objects scanned: 379983 Time elapsed: 1 hour(s), 42 minute(s), 26 second(s) Memory Processes Infected: 0 Memory Modules Infected: 2 Registry Keys Infected: 3 Registry Values Infected: 5 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\jahamure.dll (Trojan.Vundo.H) -> Delete on reboot. c:\WINDOWS\system32\sosafimi.dll (Trojan.BHO) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9c5ba725 (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm9f6894b9 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pukosugove (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\sosafimi.dll -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: system32\sosafimi.dll -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\jahamure.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\erumahaj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. c:\WINDOWS\system32\sosafimi.dll (Trojan.BHO) -> Delete on reboot.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.