Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

.DLLs in System32, SysWOW64 Tampering with Internet Connection


  • Please log in to reply
3 replies to this topic

#1 xStrikex

xStrikex

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 25 June 2015 - 12:12 PM

Malwarebytes started going crazy on the 9th over files in core system folders.

 

Some examples of these files:

C:\Windows\System32\Aihuauzl64.dll

C:\Windows\System32\Aihuauzl.dll

C:\Windows\SysWOW64\Aihuauzl.dll

 

 

Finding the files:

   

These files were created on the system on Tuesday, ‎June ‎9, ‎2015. This was the same day I installed the game engine Unity editor and this was how I found these files. When I tried to launch the editor it would immediately crash. This was when I had Malwarebytes closed and not running. I uninstalled Unity multiple times until one time I launched Unity with Malwarebytes open and multiple notifications came up saying Malwarebytes has blocked C:\Windows\System32\Aihuauzl.dll as a HijackBoot. This specific file kept appearing. When I checked my folders I found other files with this Aihuauzl name.

 

Attempting to Fix:

 

Everything works fine on my PC, except the ability to open Unity without Malwarebytes open and blocking those files. I also can't play Arma 2 online because BattleEye (their anticheat and security) blocks the C:\Windows\System32\Aihuauzl.dll from running. After realizing this I changed the filetype of the Aihuauzl.dlls so I could remove them. After I removed them and restarted my computer I could not access the internet at all. Sometimes if I am not running Malwarebytes I can't use the internet as well. WIth malwarebytes open however, I am endlessly spammed with this blocking notification. I have tried adding exclusions to the files which helped nothing at all. With exclusions Unity and Arma behave in the same way.

 

I have ran:

 

Malwarebytes

HitmanPro

 

 

I would like to know:

 

Just what this thing really is. I can find nothing on google or history/information on who made these .dlls and where they came from. I installed Unity from the official website and it works fine with Malwarebytes open. This has really stumped me. I just want to know what it is and I will answer any questions that will help.

 

Thanks,

Mike

 

 

Edit: Just now I could not connect to Steam. As soon as I clicked login, Malwarebytes blocked C:\Windows\System32\Aihuauzl.dll. I could not connect to Steam until closing out of Malwarebytes.


Edited by xStrikex, 25 June 2015 - 12:22 PM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:50 PM

Posted 25 June 2015 - 01:58 PM

This file does appear as malware... you should have let MBAM quarantine it.

 

I would suggest you post this at MBAM forum ,as if it is a False positive they will need to fix it.

 

Go to  https://www.malwarebytes.org/support/

 

 

For the connection try these...

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

OR

Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.

If needed : type these one line at a time, press enter after each line. See if it works after each.

netsh interface ipv4 reset
netsh interface ipv6 reset
ipconfig /flushdns

WIN7/8.. Please Download this file, Click Me
Right-click on winsockfix.bat and click on Run as Administrator.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 xStrikex

xStrikex
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 25 June 2015 - 03:29 PM

This file does appear as malware... you should have let MBAM quarantine it.

 

I would suggest you post this at MBAM forum ,as if it is a False positive they will need to fix it.

 

Go to  https://www.malwarebytes.org/support/

 

 

For the connection try these...

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

OR

Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.

If needed : type these one line at a time, press enter after each line. See if it works after each.

netsh interface ipv4 reset
netsh interface ipv6 reset
ipconfig /flushdns

WIN7/8.. Please Download this file, Click Me
Right-click on winsockfix.bat and click on Run as Administrator.

 

 

 

 

 

 

Thank you for your reply. The Proxy was already unchecked. The Click Me on your post also does not have a link. Could you please repost? Thanks.


Edited by xStrikex, 25 June 2015 - 03:29 PM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:50 PM

Posted 26 June 2015 - 10:56 AM

http://windows7themes.net/download/winsockfix.bat
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users