Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Not a valid Windows image...

  • Please log in to reply
3 replies to this topic

#1 kidkool88


  • Members
  • 3 posts
  • Local time:12:34 AM

Posted 30 April 2009 - 12:43 PM


This problem has actually been going on for a while now. About 2 and a half months ago, I was doing some manual virus removing and did a few things in the registry (which I'm pretty familiar with) and found this file C:\WINDOWS system32\noguhulu.dll to be a source for alot of my problems. I deleted it and any references to it in the registry, but now when my XP SP2 boots, every program that starts on boot-up gives the same error "Bad Image, The application or DLL C:\WINDOWS\system32\noguhulu.dll is not a valid Windows image. Please check this against your installation diskette." This same error comes up every time I run a program, regardless of what program it is. (i.e... firefox.exe - Bad Image etc...)

I've run AVG Free 8.0 scans in safe mode, Malwarebytes and AdAware free all completely updated and nothing comes up. No Google searches come back with ANYTHING on this file name. I don't really want to reformat if possible so I thought I'd throw this one out there and see if anyone had come across this problem or even heard of the file.

Thanks for any feedback in advance!

BC AdBot (Login to Remove)


#2 hamluis



  • Moderator
  • 56,558 posts
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:34 AM

Posted 30 April 2009 - 02:10 PM

In general...when a reference is made to a file which no longer exists on a system...and which has a questionable status...I would assume that what's going on is a system startup reference to a malware item which has been removed from the system.

If I wanted to find/disable/eliminate said startup, I would use AutoRuns for Windows - http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx

I would start with the Logon tab and move to other tabs only after I had done a careful search there.


#3 garmanma


    Computer Masochist

  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:03:34 AM

Posted 30 April 2009 - 02:11 PM

You are still infected
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#4 kidkool88

  • Topic Starter

  • Members
  • 3 posts
  • Local time:12:34 AM

Posted 30 April 2009 - 03:37 PM

Well the file had actually come back on doing a search for it. I eliminated it and ran ComboFix before checking to see if that fixed the problem. CF removed about another 150 or so dlls in the same folder so I'm not sure which fixed it but problem solved. Powerful program, used it to kill a rootkit also on another machine...

Thanks for the link to AutoRuns, wasn't familiar with it before. Everything is in order there now. Appreciate your help!

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users