1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

O20 - AppInit_DLLs - HJT included

By TimeParadoX ยท 6 replies
Jul 18, 2008
  1. I recently reformatted my computer after a few problems with my Windows being corrupted with bad updates, I reinstalled all the programs I need ( antivirus and firewall ) and my games. I did a scan with HJT to see if any problems after the reinstall, although nothing major was found I saw a entity I never seen in a HJT log I've read.

    In the HJT log it says: "O20 - AppInit_DLLs" but that's it, it has no included information but that. I read on google that it could be a possible infection of sorts, but they never really told me how to check if it was or not.

    Does anyone know how to check it to see if it's a problem? Also, could someone double check my log to make sure there wasn't anything I missed?
  2. CCT

    CCT TS Evangelist Posts: 2,653   +6

    I believe you are just seeing a NEW category (application initiated DLL's) under which you have none running.
  3. TimeParadoX

    TimeParadoX TS Rookie Topic Starter Posts: 2,273

    Oh... Well if that's the case, thank you.
  4. CCT

    CCT TS Evangelist Posts: 2,653   +6

  5. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    The AppInit_DLLs registry value contains a list of dlls that will be loaded when user32.dll is loaded (hjt may not always show them all either)

    Though malware (especially vundo) will often use this key. There isn't a left over from a malicious file or it would say xxxxxxxx.dll (file missing)

    It doesn't matter if you fix it or not - I would leave it be

    Unless you are having problems then we could dig deeper into the registry
  6. TimeParadoX

    TimeParadoX TS Rookie Topic Starter Posts: 2,273

    I did have a problem with Vundo and Virtumundo awhile back, I was hosting a server on my computer ( FTP ) so I had to disable my AV and Firewall for it to work. After about a week of doing this I turned off the server and scanned and found about 7 viruses and VundoFix found a entity infected with Vundo.

    I did a scan with my Avast! yesterday and it didn't find it anything, I'll also try VundoFix, SmithFraudFix and VirtumundoBeGone.


    Nothing found with all three of the tools, so I guess the AppInit_DLLs is just a clean entity. If any problems do arise in the future I'll repost here. :)
  7. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    These guys actually have one of the biggest collections of vundo definitions I have seen. May be worth a scan - it also picks up all kinds of spyware, adware, ect. Its free and probably the best scanner since ewido or AVGAS

    1. [​IMG] Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...