
audiode.dll



Hello, I'm new to this forum and tried for the first time your anti-malware program in the hopes I could get rid of a VERY nasty problem.

The root cause seems to be a file called audiode.dll, and it was found in the windows\system32 folder on my husband's computer. I've been fighting with this file for almost a month now to no avail. I can't get rid of it.

So far for malware and antivirus removal, these programs can identify the problem but have been completely ineffective:

Spybot: Search and destroy

Spyhunter 3

Bit Defender

Kaspersky Anti Virus

Panda Security

Ad Aware (lavasoft)

Malware Bytes

File Assassin

There are a number of registry keys that resist removal of any kind, along with the file itself. This file ended up on my husband's computer via the pop-up advertisements from PALTALK (just so you know), I was sitting next to him when it happened. Unfortunately, we were both hit with these fake antivirus programs at the same time, and I dealt with the problem on my computer first. I am wondering if that time interval is what caused the removal to have issues on his computer but not mine. I had to manually remove most of what got onto my system, which meant hours and hours of hunting through the registry etcetera.

I wish I could remember WTF I did to get audiode.dll OFF my system, because now, nothing I can do will get it off my husband's computer.

Any suggestions? This thing is seriously unfriendly. It likes to prevent automatic updates, prevent IE7 from opening at all, blocks the pop3 mail server (dos), prevents the running of "msconfig" and just about any other program it feels like.

Other noted behaviours:

Spybot: search and destroy, and Bit Defender cannot "see" the file in normal mode, only in safe mode. Spyhunter 3 spots it most of the time in normal mode, but every time in safe mode as well.

I do not want to format his computer. I want to destroy this thing.

Oh, it has been identified by different scanners as having a different name.

Vadagune

Vundo

Podahune

and all sorts of other names.

I need to go bang my head on my desk for a while.


MalwareBytes Log:

Malwarebytes' Anti-Malware 1.35

Database version: 1911

Windows 5.1.2600 Service Pack 2

3/28/2009 1:26:04 PM

mbam-log-2009-03-28 (13-26-04).txt

Scan type: Full Scan (C:\|)

Objects scanned: 163064

Time elapsed: 24 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 6

Registry Values Infected: 5

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77ab5974-55a3-4737-9fd5-b93c64307f78} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c9c42510-9b21-41c1-9dcd-8382a2d07c61} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0a13ffed-4be3-44ac-a629-b047a5cb0863} (Trojan.Downloader) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0a13ffed-4be3-44ac-a629-b047a5cb0863} (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0a13ffed-4be3-44ac-a629-b047a5cb0863} (Trojan.Downloader) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\audiode.dll (Trojan.Downloader) -> Delete on reboot.

NONE of the "delete on reboot" keys were deleted, nor was audiode.dll.


Please follow these instructions (skipping any steps you are unable to complete) for posting in our Malware Removal - HijackThis Logs forum. If you cannot follow any of those steps, then please create a new topic in that forum explaining what happened when you tried to run each of the tools in the instructions, and the expert who helps you will be able to suggest steps to take to get the tools working.


> Please follow these instructions (skipping any steps you are unable to complete) for posting in our Malware Removal - HijackThis Logs forum. If you cannot follow any of those steps, then please create a new topic in that forum explaining what happened when you tried to run each of the tools in the instructions, and the expert who helps you will be able to suggest steps to take to get the tools working.

Done.

