Here are some notes from a recent spyware cleanup. The system came in and there were complaints that “Ron Ads by NetupBanner” kept coming up all the time as well as popups claiming that the dll c:windowssystem32nolomipu.dll is not a valid windows image – mismn.exe bad image.
I ran malwarebytes antimalware and that cleaned out a LOT…
I installed the new version of AVG (8.0) – AVG 7.5 had been on the system (fairly up to date (within 2 days)) Webroot Spysweeper was installed, but the subscription was expired. Internet Explorer is the primary browser.
then I started looking at the invalid image errors – here are the notes:
ron ads netupbanner
lot’s of popup errors at boot:
lsass.exe – bad image
the application or dll c:windowssystem32nolomipu.dll is not a valid windows image. please check this against your installation diskette.
And then for each program that you try to open after that as well…. the programs open anyway.
In the registry – I found an entry for nolomipu.dll in the HKLMSoftwareMicrosoftWindows NTCurrentVersionWindows
hive at AppInit_DLLS there was c:windowssystem32nolomipu.dll,avgrsstx.dll
From that registry string value I removed nolomipu.dll, so that the value read c:windowssystem32avgrsstx.dll
At this point I ran combofix which deleted several pests including the nolomipu.dll file. Installed firefox and java update among other things. All seems to be clean I’m going to take one more look over things to verify.
Related PostsRelated Posts
- Remote tech support with anything - would I do it? I've tried to ask myself if I'd trust someone enough to let them run a remote session on my own desktop to solve a problem. I think the answer is "it depends". If you think about it, I do tech support for home users quite a bit and they let......
- Services.exe running at 100% CPU and using 100s of MB of memory - Windows XP SP3 I came across an interesting one in the last few days. This system was a Windows XP system with current updates - SP3, IE 8.... and among other things there was a complaint of very sluggish behavior. I updated the antimalware software installed and ran scans. Malware Bytes antimalware actually......
- The security of remote tech support (ultravnc sc or x11vnc with wrapper script) Well, I've got a nice way of doing "easy" one click (or one cut and paste) light desktop support for windows or linux, one uses ultravnc sc, the other uses x11vnc with a special wrapper script. So, what security flaws are there in this process? Well, for starters, I see......
- Tech Support - Funny Video Series While surfing through Youtube, I stumbled across this fun-filled tech support video series. All of the videos are sure to give you good amount of chuckle. I liked all of them, but first one is my favorite. Surely a stress buster after a bad day in office :) Enjoy! Tech......
- How to Do Home Window Installation Replacing and installing windows can seem like a daunting and expensive task, but it can actually be incredibly simple to do yourself. When you do your own home window installation, you’ll be greatly cutting down on the costs since most of the cost of having windows installed is the labor.......
- Install Interior Window Shutters to Cool Your House If you’re dealing with a lot of windows in your home and you are worried about keeping it cool inside, one of the best solutions is interior shutters. They will cost more than drapes, but they are easier to clean and much more permanent. The look of interior shutters can......
- C:\windows\system32\kernels64.exe not found
- Update on Long registry entries bug
- Cleaning up after WMF exploit – BHO removal
- Sharing contacts between Outlook and Outlook Express
- If the cumulitive IE patch fails to install