Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Missing .dll File


  • Please log in to reply
8 replies to this topic

#1 VundoHater

VundoHater

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 30 March 2007 - 06:50 PM

Hello.

Recently I was attacked by a Vundo Trojan. I used the Vundo Fixer recommended by this site, but Vundo Fixer removed a .DLL file that Windows keeps warning me about every time I start my computer. Any ideas how to fix this? I can't reload Windows or anything because I do not have a Windows XP disk for this computer (bought from a notebook provider).

Any suggestions would be great.

Thanks.

BC AdBot (Login to Remove)

 


#2 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,259 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:08:46 AM

Posted 30 March 2007 - 06:51 PM

What's the .dll file called?

#3 amir2576

amir2576

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 30 March 2007 - 06:56 PM

You might need to change startup settings to avoid this message.Give more details about it.

#4 VundoHater

VundoHater
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 30 March 2007 - 07:01 PM

Hello.

The DLL file is C:/WINDOWS/system32/anpgajjc.dll

I don't know very much about the registry or anything, so I hope you can help. :thumbsup:

#5 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,259 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:08:46 AM

Posted 30 March 2007 - 11:32 PM

I think this may be from a remnant of the Vundo trojan. This trojan creates a DLL file in the Windows system directory and writes registry entries causing Windows to inject the file into winlogon.exe.

I recommend that you run some anti-spyware scans. Download AdAware SE Personal and Spybot S&D, install them and run their updaters to get the most recent signatures. Start your computer is Safe Mode and run full system scans with both programs (one after the other). Remove any infections it finds.

If that doesn't cure what ails you then post a HijackThis log in the HJT forum for assistance in removing it entirely.

Edited by Amazing Andrew, 30 March 2007 - 11:40 PM.


#6 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:11:46 AM

Posted 31 March 2007 - 08:55 AM

If this is a startup message, it's probably Windows informing you that it can't find the .dll from the Vundo trojan to launch it. This is a good thing, but can be annoying as all heck.

After following Amazing Andrew's advice, you can download this free tool to locate the bugger that's trying to launch it: http://www.mlin.net/StartupCPL.shtml

If the above tool doesn't find it, then try this free tool that looks in more locations (and is more complicated): http://www.microsoft.com/technet/sysintern...s/Autoruns.mspx

You'll be looking for an entry that specifies C:/WINDOWS/system32/anpgajjc.dll or just plain anpgajjc.dll somewhere in it's path.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#7 VundoHater

VundoHater
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 31 March 2007 - 12:13 PM

Hi.

Thanks. I will give it a try. :thumbsup:

#8 Nebon

Nebon

  • Members
  • 164 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Rayleigh, Essex, England
  • Local time:03:46 PM

Posted 31 March 2007 - 12:27 PM

Cant you just remove that with HJT, in the 04's somewhere?

Edited by Nebon, 31 March 2007 - 12:28 PM.


#9 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:11:46 AM

Posted 31 March 2007 - 01:16 PM

Removing it via HJT is not recommended here. I'll wait for one of the more experienced members to explain it more fully.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users