RunDLL trojan
it started with,
yotkhyfx.dll
yayvVOeb.dll
on my startup, it has since doubled itself countless times and the more I try to remove it, a restart and it's there again....
as an AV I run Kaspersky AV 2009, uninstaller and tried AVAST as well, both tell me there is a problem, both can't seem to fix it.
the weird thing with this trojan (I guess) is the fact that once it's loaded, or says it's failed to load, I can't access any website (IE, Firefox, Opera) but I can access p2p ports etc., and my pc cpu usage on explorer is at a constant 30 - 40%.
tried googling but the only website I found was some Chinese forum...
I'm running VISTA SP1 with all the latest updates etc., no other pc on the network has trouble going on any website.
any help would be appreciated, before I format my HD (it's a 500gb) =/ I'm frankly clueless as to how I even got this thing on my pc.
E6600@2.9GHz, Asus8800 GTS, 2x2GB
Patriot DDR2 4-4-4-12 @ 900MHz
- hamin_aus
- Forum Moderator
- Posts: 18363
- Joined: 28 Aug 2003, 02:00
- Processor: Intel i7 3770K
- Motherboard: GA-Z77X-UP4 TH
- Graphics card: Galax GTX1080
- Memory: 32GB G.Skill Ripjaws
- Location: Where beer does flow and men chunder
- Contact:
Re: RunDLL trojan
I had this bugger in the beginning of the year.
I tried to beat it for about 2 weeks.
Eventually I gave up and reformatted.
Re: RunDLL trojan
I take it you tried removing the infection with KAV in safe mode?
Do you have UAC enabled? If not, enable it in safe mode
I am 63% addicted to Counterstrike. What about you?
Re: RunDLL trojan
always give safe mode removal a go,
I'll see if uac makes something work
really strange that there is so little info about this little bugger on the internets
E6600@2.9GHz, Asus8800 GTS, 2x2GB
Patriot DDR2 4-4-4-12 @ 900MHz
-
- Registered User
- Posts: 2618
- Joined: 26 Apr 2007, 02:00
- Location: Westcliff, Johannesburg
- Contact:
Re: RunDLL trojan
make sure you don't have a keygen or something hiding the little bugger and update your antivirus in safe mode.
I am however tempted to say format. Slow format as well (although it makes little difference)!
Soon Google will know everything...including how to divide by zero
Re: RunDLL trojan
uac didn't do a thing, it seems to have stopped once I changed the extensions of all the "virus" dll files, all I get now is on startup it says it fails to load and my internet works, still trying to fully remove it though, really strange as I have no idea how I got this on my pc.
E6600@2.9GHz, Asus8800 GTS, 2x2GB
Patriot DDR2 4-4-4-12 @ 900MHz
-
- Forum Administrator
- Posts: 22136
- Joined: 14 Jun 2004, 02:00
- Processor: Ryzen 1700K
- Motherboard: Asus X370
- Graphics card: Asus 1060 Strix
- Memory: 16GB RAM
- Location: Where Google says
Re: RunDLL trojan
I know this is a long shot but try enabling Windows Defender and let that do a full system scan. I have seen that remove some nasties that even my AV package could not remove...
JUSTICE, n A commodity which is a more or less adulterated condition the State sells to the citizen as a reward for his allegiance, taxes and personal service.
Re: RunDLL trojan
ran a full system scan and found nothing, even got the latest updates
E6600@2.9GHz, Asus8800 GTS, 2x2GB
Patriot DDR2 4-4-4-12 @ 900MHz
-
- Forum Administrator
- Posts: 22136
- Joined: 14 Jun 2004, 02:00
- Processor: Ryzen 1700K
- Motherboard: Asus X370
- Graphics card: Asus 1060 Strix
- Memory: 16GB RAM
- Location: Where Google says
Re: RunDLL trojan
Then I have no idea what you have running there... Best bet seems to be a format reinstall
Remember kids, downloading arb pr0n gives you an infection so don't do it! Unless it is reliable ..
/please note that the pr0n bit is a joke
JUSTICE, n A commodity which is a more or less adulterated condition the State sells to the citizen as a reward for his allegiance, taxes and personal service.
-
- Registered User
- Posts: 2618
- Joined: 26 Apr 2007, 02:00
- Location: Westcliff, Johannesburg
- Contact:
Re: RunDLL trojan
Nerevar wrote: ran a full system scan and found nothing, even got the latest updates
Le format.
Soon Google will know everything...including how to divide by zero
Re: RunDLL trojan
Weird that someone would put a DLL in the startup as it would just bring up the open with dialog box.
yotkhyfx.dll and yayvVOeb.dll might be hiding an extension of yotkhyfx.dll .exe and yayvVOeb.dll.exe
with DLL icons
When you say it's in startup, is it in the startup programs folder? Or in the registry?
I take it you are seeing this in the startup folder as you can see the DLL files.
If you go to Control Panel ---> Folder Options ---> View Tab
Untick Hide extensions of known file types. (IMO this should be default as this causes most security problems)
then check the files in startup again and check to see if they have exe extensions.
When you delete them and they come back, do they come back with the same file name? Or are they random?
Edit.
This is a temporary solution, I always use this and it works.
The stupid programs are just programs and are programmatically programmed to do exact steps.
So by messing with its mission to mess with you, you can mess with it HeHe.
Remove the user permissions on the startup folder.
I think in vista C:\Users\bla bla bla.
and in the registry.
Start, then Run, type regedit, click OK
go to keys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
and
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Right click them and remove the user rights. (Be careful, don't remove admin rights please!)
otherwise you won't have permission to put it back.
Then try and find the rest of the program,
Some extra tips: run the system as is and use Filemon and Regmon to monitor unknown tasks, and exclude Explorer and all the usual ones; you should quickly find the source.
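The checks described in the post above (the two Run keys, the Startup folder, and an .exe hiding behind a .dll name), as an added example that is not part of the original thread: a read-only PowerShell audit. The function names are hypothetical and PowerShell 3.0 or later is assumed.

```powershell
# Added example: read-only audit of the autostart locations named in the thread.
# Assumes PowerShell 3.0 or later; function names are hypothetical.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Get-RunKeyEntry {
    param([string[]]$Path)
    foreach ($keyPath in $Path) {
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }
        $key = Get-Item -LiteralPath $keyPath
        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)
            # First absolute .dll path in the command line; relative paths are not resolved.
            $dll = $null
            if ($command -match '(?i)([a-z]:\\[^",]+?\.dll)') { $dll = $Matches[1] }
            $onDisk = $false
            $sig = $null
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $onDisk = $true
                $sig = (Get-AuthenticodeSignature -FilePath $dll).Status
            }
            [pscustomobject]@{
                Key       = $keyPath
                Name      = $name
                Command   = $command
                ViaRundll = $command -match '(?i)\brundll32(\.exe)?\b'
                DllPath   = $dll
                DllOnDisk = $onDisk
                Signature = $sig
            }
        }
    }
}

function Get-StartupFolderEntry {
    foreach ($id in 'Startup', 'CommonStartup') {
        $folder = [Environment]::GetFolderPath($id)
        if (-not $folder -or -not (Test-Path -LiteralPath $folder)) { continue }
        Get-ChildItem -LiteralPath $folder -Force | ForEach-Object {
            [pscustomobject]@{
                Folder          = $folder
                Name            = $_.Name
                # e.g. "name.dll.exe" or "name.dll .exe": an executable posing as a DLL
                DoubleExtension = $_.Name -match '(?i)\.dll\s*\.(exe|scr|com|pif)$'
            }
        }
    }
}

Get-RunKeyEntry -Path $runKeys | Where-Object { $_.ViaRundll -or $_.DllPath } | Format-List
Get-StartupFolderEntry | Format-Table -AutoSize
```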
Re: RunDLL trojan
I removed them from startup and registry but they keep coming back under different names, like I deleted those 2 and the next reboot, there they are again, I'll give all of that a go when I get home thanks
E6600@2.9GHz, Asus8800 GTS, 2x2GB
Patriot DDR2 4-4-4-12 @ 900MHz
- Prime
- Registered User
- Posts: 27729
- Joined: 01 Mar 2004, 02:00
- Location: Getting into trouble
- Contact:
Re: RunDLL trojan
It's been a long time since I've had a virus so I may be very wrong and I might have missed mention of it in this thread but what about a removal tool?
- Prime
- Registered User
- Posts: 27729
- Joined: 01 Mar 2004, 02:00
- Location: Getting into trouble
- Contact:
Re: RunDLL trojan
Any idea what virus this actually is? I'm looking at a page of Google results for rundll trojan.
-
- Registered User
- Posts: 48
- Joined: 19 Nov 2007, 02:00
- Contact:
- rustypup
- Registered User
- Posts: 8872
- Joined: 13 Dec 2004, 02:00
- Location: nullus pixius demonica
- Contact:
Re: RunDLL trojan
Treeoflife wrote: very good A/V bullguard
bull-something... that would be repackaged bitdefender with some really simple spam filtering and a none-too-secure f/wall thrown into the mix...
ie, don't touch unless you're into masochism...
iirc, these folks even used a link-redirect from eset to bump sales
Most people would sooner die than think; in fact, they do so - Bertrand Russel