Ron Ads NetupBanner Popups and Invalid Image file c:\windows\system32\nolomipu.dll



Here are some notes from a recent spyware cleanup. The system came in and there were complaints that “Ron Ads by NetupBanner” kept coming up all the time as well as popups claiming that the dll c:\windows\system32\nolomipu.dll is not a valid windows image – mismn.exe bad image.

I ran malwarebytes antimalware and that cleaned out a LOT…

I installed the new version of AVG (8.0) – AVG 7.5 had been on the system (fairly up to date (within 2 days)) Webroot Spysweeper was installed, but the subscription was expired. Internet Explorer is the primary browser.

then I started looking at the invalid image errors – here are the notes:


ron ads netupbanner

lot’s of popup errors at boot:

lsass.exe – bad image

the application or dll c:\windows\system32\nolomipu.dll is not a valid windows image. please check this against your installation diskette.

[ok]

services.exe same
avgrsx.exe
userinit.exe
explorer.exe
hpwuschd.exe
alcxmntr.exe
reader_sl.exe
jusched.exe
qttask.exe
hpcmpmgr.exe
kbd.exe
avgtray.exe
spysweeperui.exe
msmgs.exe
aro.exe
weather.exe
ctfmon.exe
wkcalrem.exe
hpqtra08.exe
osa9.exe
quickstart.exe
wkscal.exe
soffice.exe
soffice.bin

And then for each program that you try to open after that as well…. the programs open anyway.

In the registry – I found an entry for nolomipu.dll in the HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
hive at AppInit_DLLS there was c:\windows\system32\nolomipu.dll,avgrsstx.dll

From that registry string value I removed nolomipu.dll, so that the value read c:\windows\system32\avgrsstx.dll

At this point I ran combofix which deleted several pests including the nolomipu.dll file. Installed firefox and java update among other things. All seems to be clean I’m going to take one more look over things to verify.

   Send article as PDF   

Similar Posts