tropicalexplorer Posted November 29, 2008 ID:36809

Not sure if this question belongs here... Starting up my PC I get this rundll error: "error loading c:\windows\system32\pujawewo.dll the specified module could not be found." This error started after running anti-malware and cleaning trojans as noted in the log below. To correct the problem, I went into regedit and tried to remove the registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pukosugove", whose value is Rundll32.exe "C:\Windows\system32\pujawewo.dll",s

After deleting this key, several seconds later the registry entry reappears... not sure why I cannot remove it. I tried renaming it, changing the data value and nothing works (even checked my permission level and I could delete other registry key values with no problems)... it keeps returning, so every time I start up my PC that rundll error occurs... can someone please help?

My anti-malware log is as follows:

Malwarebytes' Anti-Malware 1.30
Database version: 1433
Windows 5.1.2600 Service Pack 3

11/28/2008 8:18:39 PM
mbam-log-2008-11-28 (20-18-39).txt

Scan type: Full Scan (C:\|)
Objects scanned: 379983
Time elapsed: 1 hour(s), 42 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 3
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\jahamure.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\sosafimi.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9c5ba725 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm9f6894b9 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pukosugove (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\sosafimi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: system32\sosafimi.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\jahamure.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\erumahaj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sosafimi.dll (Trojan.BHO) -> Delete on reboot.

exile360 Posted November 29, 2008 ID:36811

Greetings and welcome to the forum. To get you fixed up please read the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs here: http://www.malwarebytes.org/forums/index.php?showforum=7

Please be sure not to install any software or use any removal/scanning tools except those that you are instructed to by the expert who will be assisting you, as doing so can make their job much more difficult.

Good luck and safe surfing.