Hi--I hope this is the right place to ask this question and I apologize if it isn't.
Search and Destroy keeps popping up with the same message with a value change in the system startup global entry.
The entry says CPM3f90d587
The old data is Rundll32.exe "c:\windows\system32\nayazezi.dll",a
The new data is Rundll32.exe"c:\windows\system32\yujawohu.dll",a
Usually when I get a Spybot message and I haven't done anything serious, I deny the change and that's that. This time, I keep getting the message over and over again, even when I click on remember the decision (or whatever it says). What the heck do I do? How do I know what kind of change I am trying to deny?
I would appreciate some advice...
Rob

peggydog:

From the nayazezi.dll currently in the Rundll32.exe startup registry entry, I suspect that your system may be infected with Vundo (also known as Vundo Trojan, Virtumonde or Virtumondo). I suggest that you consider posting in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum and having someone take a look at your system.

If you decide to have an experienced malware removal specialist assist you, please follow the procedure in this link to run scans and produce a HijackThis log: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) ( http://forums.spybot.info/showthread.php?t=288).
After you have completed the required scans and produced the requested logs, start your own thread in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum, making sure to post the HijackThis log produced from the above instructions.