PDA

View Full Version : suspicious looking .dll files


Phenom23
2009-12-03, 12:38
Hey guys i downloaded winpatrol and after viewing it i found a few suspicious looking files and i got worried so i decided to post them and see if they were harmful or not..

Here is the first one :

Program: YUBOSUKU.DLL Program Description: yubosuku Type: HIDDEN
C:\WINDOWS\SYSTEM32\YUBOSUKU.DLL

The other 2 suspicious looking ones are :

1.
Title: sezufaho Command: sezufaho.dll Type: APPINIT_DLL
Startup Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs
C:\PROGRA~2\SEZUFAHO\SEZUFAHO.DLL

2.
Title: beziseno Command: beziseno.dll Type: APPINIT_DLL

Startup Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs
C:\PROGRAMDATA\BEZISENO\BEZISENO.DLL

Thanks in advance
ken545
2009-12-06, 18:23
Hello Phenom23

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Yep there bad, your computer is infected.

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://forums.whatthetech.com/post_a4255_MBAM.PNG
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please





Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)