Fixed mljjh.dll

Status
Not open for further replies.

michaelper22

I downloaded a certain program, and about a day later, I noticed that my hard disk light was constantly blinking.

My initial reaction was to look through Task Manager and see if anything had an unusually high CPU usage; that didn't get me anything.

I then opened up Process Explorer, and looked at the one instance of RunDLL. To get more info about what it was actually doing, I went to Process Explorer's "View -> Lower Pane View", and selected "DLLs". That shed light on a strange-looking DLL named mljjh.dll.

I tried to kill the RunDLL.exe process (right-click and select "Kill Process"), but it would keep on coming back. Since I normally run as a non-administrator user, I knew that mljjh.dll couldn't get further than my user's directory, and also couldn't write anywhere outside HKCU in the registry.

So I logged off my user, and logged back on as an admin. I then deleted the mljjh.dll file from my \Local Settings\Temp directory, and later deleted the one Registry key pointing to the rogue DLL.

The advice to remember here is that malware will often hide behind a RunDLL process. Also, running as a least-privileged-user account really does help.
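The check described in the post above, as an added example that is not part of the original thread: it parses HijackThis `O4` autorun lines (the format quoted later in this thread) and flags any entry that starts rundll32 on a DLL stored in a temp directory. The last two sample lines, their names and paths, and the `\Temp\` heuristic are assumptions made for the example.

```python
import re
from typing import List, NamedTuple, Optional

# HijackThis autorun line, in the format shown in this thread:
#   O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# DLL path handed to rundll32, quoted or not, up to the ",EntryPoint" part.
DLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)
# Assumption: a "\Temp\" path component marks a user-writable temp directory
# (matches both "Local Settings\Temp" and the 8.3 form "LOCALS~1\Temp").
TEMP_MARKERS = ("\\temp\\",)

class Finding(NamedTuple):
    hive: str
    name: str
    dll: str

def check_line(line: str) -> Optional[Finding]:
    """Return a Finding if an O4 entry starts rundll32 on a DLL in a temp dir."""
    entry = O4_RE.match(line.strip())
    if entry is None:
        return None                      # not an O4 autorun line
    dll = DLL_RE.search(entry["cmd"])
    if dll is None:
        return None                      # autorun does not go through rundll32
    path = dll["dll"]
    if any(marker in path.lower() for marker in TEMP_MARKERS):
        return Finding(entry["hive"], entry["name"], path)
    return None

def scan(log: str) -> List[Finding]:
    return [f for f in map(check_line, log.splitlines()) if f is not None]

# Constructed sample log: the first two lines are the entries quoted in this
# thread; the last two are made up for the example (placeholder names/paths).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [thirdintel] c:\hp\bin\cloaker.exe c:\hp\bin\intel_tweak\intel_tweak3.cmd
O4 - HKCU\..\Run: [example] rundll32.exe "C:\DOCUME~1\user\LOCALS~1\Temp\example.dll",Start
O4 - HKLM\..\Run: [sample] rundll32.exe C:\WINDOWS\system32\sample.dll,Entry
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(f"{finding.hive} Run [{finding.name}] -> {finding.dll}")
```

Only the HKCU entry is reported; the system32 rundll32 entry and the two entries from the thread do not match the heuristic.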
 
Nothing too serious there, but there are one or two things that should be removed.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

ALCMTR.EXE
cloaker.exe
intel_tweak3.cmd

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [thirdintel] c:\hp\bin\cloaker.exe c:\hp\bin\intel_tweak\intel_tweak3.cmd

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

c:\hp\bin\cloaker.exe
c:\hp\bin\intel_tweak\intel_tweak3.cmd
C:\WINDOWS\ALCMTR.EXE

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log.

Regards Howard :)

This thread is for the use of michaelper22 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Done. The second file you asked me to delete didn't exist.

Could you enlighten me as to what function the files other than cloaker.exe do? (I researched cloaker on my own.)
 
The O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE entry is still showing up in your HJT log.

The files I asked you to delete aren't particularly nasty, but they do phone home a lot with god knows what information and are therefore best got rid of.

Other than the above, your HJT log is clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
"If it ain't broke, don't fix it" - My computer seems to run semi-normally, so I'll let it stay.

Thanks for your help.
 