From: usfinecats on 2 Dec 2009 21:20

I noticed my computer behaving mighty odd today and yesterday. I discovered in the HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Windows AppInit_Dlls that there were odd settings! (This setting is very bad news, it causes DLLs to get attached to everything!)

Also noticed in HKLM\Software\Microsoft\Windows\CurrentVersion\Run more odd settings:

In both cases there were references to wotuzapi.dll, mokehohi.dll, hewalots.dll.

Wotuzapi.dll is known malware, I could not find references to the others. When I tried to manually delete these values, they IMMEDIATELY were restored, grr!

Fortunately, I had a "restore point" from just a few days prior and was able to restore before they were installed. In the Restore Point tool it indicated that a recent update was done by Software Distribution Service 3.0.

I don't know if Software Distribution Service 3.0 is the cause of this wasted day, but restoring prior to it saved my bacon.

--
Gak -
Finecats

From: David H. Lipman on 2 Dec 2009 22:45

From: "usfinecats" <usfinecats(a)nospam.nospam>

| I noticed my computer behaving mighty odd today and yesterday. I discovered
| in the HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Windows
| AppInit_Dlls that there were odd settings! (This setting is very bad
| news, it causes DLLs to get attached to everything!)
| Also noticed in HKLM\Software\Microsoft\Windows\CurrentVersion\Run
| more odd settings:
| In both cases there were references to wotuzapi.dll, mokehohi.dll,
| hewalots.dll.
| Wotuzapi.dll is known malware, I could not find references to the others.
| When I tried to manually delete these values, they IMMEDIATELY were
| restored, grr!
| Fortunately, I had a "restore point" from just a few days prior and was able
| to restore before they were installed. In the Restore Point tool it
| indicated that a recent update was done by Software Distribution Service 3.0.
| I don't know if Software Distribution Service 3.0 is the cause of this
| wasted day, but restoring prior to it saved my bacon.
| --
| Gak -
| Finecats

You had "malware" and may still be infected!

I suggest you download, install and update Malwarebytes' Anti-Malware and perform a scan of the platform.

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From: MowGreen on 3 Dec 2009 14:48

All updates create a restore point with the title "Software Distribution Service 3.0". The update(s) did not infect the system.

Although it's apparent that the restore point you used did not contain whatever infected the system, suggest you follow Mr. Lipman's advice to ensure the system is still clean.

First, empty the %temp% subfolder *after* rebooting the system and then empty Internet Explorer's Temporary Internet Files to decrease the amount of MBAM's scan and to protect against those locations containing any "undesired" files.

To empty your User Account's Temp folder click Start > Run > enter %temp%
Click OK.

Delete IE's TIF by opening Internet Options in the Control Panel so that IE is closed when you do that.

MowGreen
===============
*-343-* FDNY
Never Forgotten
===============

banthecheck.com
"Security updates should *never* have *non-security content* prechecked"

usfinecats wrote:
> I noticed my computer behaving mighty odd today and yesterday. I discovered
> in the HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Windows
> AppInit_Dlls that there were odd settings! (This setting is very bad
> news, it causes DLLs to get attached to everything!)
>
> Also noticed in HKLM\Software\Microsoft\Windows\CurrentVersion\Run
> more odd settings:
>
> In both cases there were references to wotuzapi.dll, mokehohi.dll,
> hewalots.dll.
>
> Wotuzapi.dll is known malware, I could not find references to the others.
> When I tried to manually delete these values, they IMMEDIATELY were
> restored, grr!
>
> Fortunately, I had a "restore point" from just a few days prior and was able
> to restore before they were installed. In the Restore Point tool it
> indicated that a recent update was done by Software Distribution Service 3.0.
>
> I don't know if Software Distribution Service 3.0 is the cause of this
> wasted day, but restoring prior to it saved my bacon.
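
An added example, not part of any post in this thread: a read-only PowerShell audit of the two registry locations discussed above (AppInit_DLLs and the Run key) that resolves each entry to a file and reports its Authenticode status. The Wow6432Node and HKCU keys, the System32 fallback for bare file names, and the helper names `Resolve-EntryPath` and `Test-Entry` are assumptions of this example; the AppInit key is written with its actual name, `Windows NT`.

```powershell
# Added example: read-only audit of the AppInit_DLLs and Run values.
# Resolve-EntryPath and Test-Entry are hypothetical helper names.
$appInitKeys = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
$runKeys     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Resolve-EntryPath([string]$entry) {
    $s = [Environment]::ExpandEnvironmentVariables($entry.Trim())
    # A Run command that starts with rundll32 really loads the DLL that follows it.
    $s = $s -replace '^"?([^"]*\\)?rundll32(\.exe)?"?\s+', ''
    if ($s -match '^"([^"]+)"') { $s = $Matches[1] }
    elseif ($s -match '^(.+?\.(exe|dll))(\s|,|$)') { $s = $Matches[1] }
    # Assumption: a bare file name is resolved against System32.
    if ($s -notmatch '^([a-z]:|\\\\)') { $s = Join-Path $env:SystemRoot "System32\$s" }
    return $s
}

function Test-Entry([string]$key, [string]$name, [string]$entry) {
    $file   = Resolve-EntryPath $entry
    $exists = Test-Path -LiteralPath $file -PathType Leaf
    $status = 'FileNotFound'
    if ($exists) { $status = (Get-AuthenticodeSignature -LiteralPath $file).Status }
    [pscustomobject]@{ Key = $key; Value = $name; Entry = $entry; File = $file; Signature = $status }
}

$report = @(
    foreach ($k in $appInitKeys) {
        $item = Get-Item -Path $k -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        # AppInit_DLLs is one string; DLL names are separated by spaces or commas.
        $dlls = [string]$item.GetValue('AppInit_DLLs') -split '[ ,]+' | Where-Object { $_ }
        foreach ($dll in $dlls) { Test-Entry $k 'AppInit_DLLs' $dll }
    }
    foreach ($k in $runKeys) {
        $item = Get-Item -Path $k -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($n in $item.GetValueNames()) { Test-Entry $k $n ([string]$item.GetValue($n)) }
    }
)

# Every AppInit_DLLs entry deserves a look; elsewhere, list anything not validly signed.
$report | Where-Object { $_.Value -eq 'AppInit_DLLs' -or $_.Signature -ne 'Valid' } |
    Format-List Key, Value, Entry, File, Signature
```

A `NotSigned` or `FileNotFound` result is a lead to investigate, not a verdict, and the script changes nothing in the registry.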