HJT entry interpretation

By chriswarren
Aug 28, 2008
  1. Hi,

    Can anyone advise whether the following HJT entries are suspicious:

    O4 - HKLM\..\Policies\Explorer\Run: [qX8MXgD0xj] C:\Documents and Settings\All Users\Application Data\qbgnwnir\kzyzajat.exe

    O21 - SSODL: ApiMnt - {3BEC3050-8B2F-5E91-FCBF-08891E626AE7} - C:\Program Files\eylqvab\ApiMnt.dll

    Many thanks,
  2. rf6647

    rf6647 TS Maniac Posts: 829

    I consider both items suspicious.

    HJT changes are reversible. The Castlecops site indicates that listing O21 findings means it does not appear on the whitelist.

    I suggest that you follow Malware Removal Procedure in this forum.
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I agree on that. I couldn't identify anything in either entry. That makes them 'suspicious'. Chances are you have other entries you're not catching.
  4. AurelloSoft

    AurelloSoft TS Rookie Posts: 30

    How do you figure it's not suspicious?
    qX8MXgD0xj ... qbgnwnir\kzyzajat.exe
    (All random file names & entries. Most legitimate programs use recognizable file names.)

    C:\Program Files\eylqvab\ApiMnt.dll
    Is suspicious to me because after searching it, it turns up only 2 results in Google. This post, and one other HJT Log. No legitimate files. Either it's a new program, or a new malware.

    I would recommend fixing both those items. If problems persist, post the log, or try undoing the actions.
Topic Status:
Not open for further replies.
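
The name-based reasoning in the last reply (random-looking value, folder and file names), as an added example that is not part of the original thread: a small Python triage pass over O4 and O21 lines. The regexes, the `looks_random` thresholds and the third log line are assumptions made for this sketch; a flag means "look closer", not a verdict.

```python
import re

# Constructed sample: the two entries quoted in the thread plus one made-up benign entry.
SAMPLE_LOG = r"""
O4 - HKLM\..\Policies\Explorer\Run: [qX8MXgD0xj] C:\Documents and Settings\All Users\Application Data\qbgnwnir\kzyzajat.exe
O21 - SSODL: ApiMnt - {3BEC3050-8B2F-5E91-FCBF-08891E626AE7} - C:\Program Files\eylqvab\ApiMnt.dll
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\ExampleVendor\updater.exe
"""

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<path>.+)$")
O21_RE = re.compile(r"^O21 - SSODL: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")

def looks_random(token, min_len=5):
    """Crude gibberish test: few vowels or a long consonant run (y counted as a consonant)."""
    letters = re.sub(r"[^a-z]", "", token.lower())
    if len(letters) < min_len:
        return False
    vowel_ratio = sum(c in "aeiou" for c in letters) / len(letters)
    longest_run = max(len(run) for run in re.split(r"[aeiou]+", letters))
    return vowel_ratio <= 0.25 or longest_run >= 4

def triage(log_text):
    """Return (section, value name, path, [random-looking parts]) for each O4/O21 line."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line) or O21_RE.match(line)
        if not m:
            continue
        parts = m["path"].split("\\")
        folder = parts[-2] if len(parts) > 1 else ""
        stem = parts[-1].rsplit(".", 1)[0]
        # Only the value name, the parent folder and the file stem are scored;
        # standard Windows directories higher up the path are ignored.
        candidates = {"name": m["name"], "folder": folder, "file": stem}
        flagged = [part for part, value in candidates.items() if looks_random(value)]
        findings.append((line.split(" ", 1)[0], m["name"], m["path"], flagged))
    return findings

if __name__ == "__main__":
    for section, name, path, flagged in triage(SAMPLE_LOG):
        verdict = "REVIEW (" + ", ".join(flagged) + ")" if flagged else "no name-based flag"
        print(f"{section:4} {name:16} {verdict}")
```

On the thread's two entries this flags all three names of the O4 item and only the folder of the O21 item, since `ApiMnt` itself reads as a plausible name.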
