Computer Tips -Tech Info

Here are some notes from a recent spyware cleanup. The system came in and there were complaints that “Ron Ads by NetupBanner” kept coming up all the time as well as popups claiming that the dll c:windowssystem32nolomipu.dll is not a valid windows image – mismn.exe bad image.

I ran malwarebytes antimalware and that cleaned out a LOT…

I installed the new version of AVG (8.0) – AVG 7.5 had been on the system (fairly up to date (within 2 days)) Webroot Spysweeper was installed, but the subscription was expired. Internet Explorer is the primary browser.

then I started looking at the invalid image errors – here are the notes:

ron ads netupbanner

lot’s of popup errors at boot:

lsass.exe – bad image

the application or dll c:windowssystem32nolomipu.dll is not a valid windows image. please check this against your installation diskette.

[ok]

services.exe same
avgrsx.exe
userinit.exe
explorer.exe
hpwuschd.exe
alcxmntr.exe
reader_sl.exe
jusched.exe
qttask.exe
hpcmpmgr.exe
kbd.exe
avgtray.exe
spysweeperui.exe
msmgs.exe
aro.exe
weather.exe
ctfmon.exe
wkcalrem.exe
hpqtra08.exe
osa9.exe
quickstart.exe
wkscal.exe
soffice.exe
soffice.bin

And then for each program that you try to open after that as well…. the programs open anyway.

In the registry – I found an entry for nolomipu.dll in the HKLMSoftwareMicrosoftWindows NTCurrentVersionWindows
hive at AppInit_DLLS there was c:windowssystem32nolomipu.dll,avgrsstx.dll

From that registry string value I removed nolomipu.dll, so that the value read c:windowssystem32avgrsstx.dll

At this point I ran combofix which deleted several pests including the nolomipu.dll file. Installed firefox and java update among other things. All seems to be clean I’m going to take one more look over things to verify.

Popularity: 1% [?]

   Send article as PDF   

• Remote tech support with anything - would I do it? I've tried to ask myself if I'd trust someone enough to let them run a remote session on my own desktop to solve a problem. I think the answer is "it depends". If you think about it, I do tech support for home users quite a bit and they let......
• Microsoft August Updates Incidents.org has an initial list of the updates today from Microsoft, there is also a brief from Microsoft on the updates. It appears as though one is Powerpoint specific, another is Office releated, one is tagged as an Internet Explorer update and the rest Windows. More details later in the......
• Sleuthkit - windows and linux file recovery http://www.sleuthkit.org/ Sluethkit... is a collection of tools for forensic analysis of a system. Usually it's something that would be done when you've had a suspected rootkit on the system and you boot to another operating system with sluethkit installed (maybe livecd/etc.) and want to try to analyze and hunt for......

• Top Internet TV Software Creates Super Computer Internet Television System Within Five Minutes For Life! Whatever the factors are to cutting Cable tv or Satellite internet TV, there are selections out there that can be applied to deliver the following finest matter to paid TV. World-wide-web TV software program is one choice to look at and probably the missing link to assisting newbies get pleasure......
• Install Interior Window Shutters to Cool Your House If you’re dealing with a lot of windows in your home and you are worried about keeping it cool inside, one of the best solutions is interior shutters. They will cost more than drapes, but they are easier to clean and much more permanent. The look of interior shutters can......
• How to Do Home Window Installation Replacing and installing windows can seem like a daunting and expensive task, but it can actually be incredibly simple to do yourself. When you do your own home window installation, you’ll be greatly cutting down on the costs since most of the cost of having windows installed is the labor.......

Similar Posts

• C:\windows\system32\kernels64.exe not found
• Update on Long registry entries bug
• Cleaning up after WMF exploit – BHO removal
• Sharing contacts between Outlook and Outlook Express
• If the cumulitive IE patch fails to install

This entry was posted on Thursday, December 4th, 2008 at 12:24 pm and is filed under Windows Tech Support. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.