Here are some notes from a recent spyware cleanup. The system came in and there were complaints that “Ron Ads by NetupBanner” kept coming up all the time as well as popups claiming that the dll c:windowssystem32nolomipu.dll is not a valid windows image – mismn.exe bad image.
I ran malwarebytes antimalware and that cleaned out a LOT…
I installed the new version of AVG (8.0) – AVG 7.5 had been on the system (fairly up to date (within 2 days)) Webroot Spysweeper was installed, but the subscription was expired. Internet Explorer is the primary browser.
then I started looking at the invalid image errors – here are the notes:
ron ads netupbanner
lot’s of popup errors at boot:
lsass.exe – bad image
the application or dll c:windowssystem32nolomipu.dll is not a valid windows image. please check this against your installation diskette.
And then for each program that you try to open after that as well…. the programs open anyway.
In the registry – I found an entry for nolomipu.dll in the HKLMSoftwareMicrosoftWindows NTCurrentVersionWindows
hive at AppInit_DLLS there was c:windowssystem32nolomipu.dll,avgrsstx.dll
From that registry string value I removed nolomipu.dll, so that the value read c:windowssystem32avgrsstx.dll
At this point I ran combofix which deleted several pests including the nolomipu.dll file. Installed firefox and java update among other things. All seems to be clean I’m going to take one more look over things to verify.
Related PostsRelated Posts
- Microsoft August Updates Incidents.org has an initial list of the updates today from Microsoft, there is also a brief from Microsoft on the updates. It appears as though one is Powerpoint specific, another is Office releated, one is tagged as an Internet Explorer update and the rest Windows. More details later in the......
- The security of remote tech support (ultravnc sc or x11vnc with wrapper script) Well, I've got a nice way of doing "easy" one click (or one cut and paste) light desktop support for windows or linux, one uses ultravnc sc, the other uses x11vnc with a special wrapper script. So, what security flaws are there in this process? Well, for starters, I see......
- Remote tech support with anything - would I do it? I've tried to ask myself if I'd trust someone enough to let them run a remote session on my own desktop to solve a problem. I think the answer is "it depends". If you think about it, I do tech support for home users quite a bit and they let......
- Top Internet TV Software Creates Super Computer Internet Television System Within Five Minutes For Life! Whatever the factors are to cutting Cable tv or Satellite internet TV, there are selections out there that can be applied to deliver the following finest matter to paid TV. World-wide-web TV software program is one choice to look at and probably the missing link to assisting newbies get pleasure......
- How to Do Home Window Installation Replacing and installing windows can seem like a daunting and expensive task, but it can actually be incredibly simple to do yourself. When you do your own home window installation, you’ll be greatly cutting down on the costs since most of the cost of having windows installed is the labor.......
- Tech Support - Funny Video Series While surfing through Youtube, I stumbled across this fun-filled tech support video series. All of the videos are sure to give you good amount of chuckle. I liked all of them, but first one is my favorite. Surely a stress buster after a bad day in office :) Enjoy! Tech......
- C:\windows\system32\kernels64.exe not found
- Update on Long registry entries bug
- Cleaning up after WMF exploit – BHO removal
- Sharing contacts between Outlook and Outlook Express
- If the cumulitive IE patch fails to install