Here are some notes from a recent spyware cleanup. The system came in and there were complaints that “Ron Ads by NetupBanner” kept coming up all the time as well as popups claiming that the dll c:\windows\system32\nolomipu.dll is not a valid windows image – mismn.exe bad image.
I ran Malwarebytes Anti-Malware and that cleaned out a LOT…
I installed the new version of AVG (8.0). AVG 7.5 had been on the system, fairly up to date (within 2 days). Webroot Spy Sweeper was installed, but the subscription was expired. Internet Explorer is the primary browser.
Then I started looking at the invalid image errors. Here are the notes:
ron ads netupbanner
lots of popup errors at boot:
lsass.exe – bad image
the application or dll c:\windows\system32\nolomipu.dll is not a valid windows image. please check this against your installation diskette.
And then for each program that you try to open after that as well…. the programs open anyway.
In the registry, I found an entry for nolomipu.dll in the HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
hive: at AppInit_DLLs there was c:\windows\system32\nolomipu.dll,avgrsstx.dll
From that registry string value I removed nolomipu.dll, so that the value read c:\windows\system32\avgrsstx.dll
At this point I ran ComboFix, which deleted several pests including the nolomipu.dll file. Installed Firefox and a Java update, among other things. All seems to be clean; I’m going to take one more look over things to verify.
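The AppInit_DLLs check from these notes, written as a read-only PowerShell audit. This is an added example, not part of the original notes; it assumes PowerShell 3.0 or later, the function names are hypothetical, and entries without a path are assumed to live in the system directory paired with each key.

```powershell
# Added example: read-only audit of AppInit_DLLs (function names are hypothetical).
# Each key is paired with the directory assumed for entries given without a path.
$targets = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
       Dir = Join-Path $env:SystemRoot 'System32' },
    @{ Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
       Dir = Join-Path $env:SystemRoot 'SysWOW64' }   # 32-bit view on 64-bit Windows
)

function Split-AppInitValue {
    param([string]$Value)
    # The value is one string; DLL names are separated by commas or spaces.
    if (-not $Value) { return @() }
    return @($Value -split '[,\s]+' | Where-Object { $_ })
}

function Get-AppInitEntry {
    param([string]$Key, [string]$Dir)
    if (-not (Test-Path $Key)) { return }
    $value = (Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue).AppInit_DLLs
    foreach ($name in (Split-AppInitValue $value)) {
        # Resolve bare names against the assumed directory for this key.
        $path = if ([IO.Path]::IsPathRooted($name)) { $name } else { Join-Path $Dir $name }
        $exists = Test-Path -LiteralPath $path
        $status = if ($exists) { [string](Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }
        [pscustomobject]@{
            Key = $Key; Entry = $name; Path = $path; Exists = $exists; Signature = $status
            # Missing file or no valid signature: look closer at this entry.
            Review = (-not $exists) -or ($status -ne 'Valid')
        }
    }
}

# Print one row per DLL named in either key.
$targets | ForEach-Object { Get-AppInitEntry -Key $_.Key -Dir $_.Dir } |
    Format-Table Entry, Path, Exists, Signature, Review -AutoSize
```

A `Review` flag is a prompt to inspect the file and its origin, not a verdict; the script changes nothing in the registry.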