Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

J4291131.dll Not Found


  • Please log in to reply
4 replies to this topic

#1 KateB

KateB

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:16 AM

Posted 03 September 2007 - 04:05 AM

hallo, this is my first post, so please forgive if this is the wrong forum! I'm trying to clean up a friend's seriously infected and mucked up computer - we're getting on slowly (the first run of Spybot removed over 300 beasts!) but there are some real nasties like Virtumonde and Abetear A which I'll have a go at with HijackThis in the next few days and post appropriately.

Meanwhile, here is a silly thing which it would be nice to get rid of. On start-up, a RUNDLL window pops up saying it can't find
C:\Windows\system32\j4291131.dll
There is nothing to say what this belongs to and closing it makes it go away. Googling finds nothing about this dll.

Does anyone have an idea what this could be? Might it be something to do with Abetear or Virtumonde or Astakiller or MyWebSearch, all of which keep coming up?

We've run Spybot several times, also AdAware2007 (free), and RogueRemover, also Vundo, which hasn't completely worked.

The computer is a Dell running Windows XP Home, on NTL broadband with NTL antivirus/antispyware/firewall etc. This had been switched to manual update in July and forgotten about, with a very active teenager downloading all sorts of jolly stuff.... It's now set to update automatically, but there's still lots of crap in the system.

BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:16 PM

Posted 03 September 2007 - 04:09 AM

Typically when you get a virus it makes an entry in your registry instructing your computer to run the virus everytime you start. Your antivirus found the virus and deleted it, but this entry is still in your registry, which is why you are getting the error message. Using the AutoRuns utility you should be able to locate this entry and delete it.

And definitely post a HijackThis log to make sure you're clean.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 KateB

KateB
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:16 AM

Posted 03 September 2007 - 10:04 AM

thanks very much for that - I can't now get at the computer till Thursday (they promise to use Spybot and AdAware every day till then!) and will try then. Perhaps by then I'll have mastered how to run HijackThis as well! I'll post logs as appropriate then.

#4 buddy215

buddy215

  • Moderator
  • 13,419 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:16 AM

Posted 03 September 2007 - 11:32 AM

My web search removal instructions in link below.
http://www.pchell.com/support/mywebsearch.shtml

Super Antispyware removes a lot virtumonde/vundo malware.
Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Use the online scanner in the link below.
Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

Post a Hijack This Log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post a log in this forum. http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 KateB

KateB
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:16 AM

Posted 03 September 2007 - 12:00 PM

thank you very much. Will do all these on Thursday, and post results after that.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users