O20 - AppInit_DLLs - HJT included

[TimeParadoX]

I recently reformatted my computer after a few problems with my Windows being corrupted with bad updates, I reinstalled all the programs I need ( antivirus and firewall ) and my games. I did a scan with HJT to see if any problems after the reinstall, although nothing major was found I saw a entity I never seen in a HJT log I've read.

In the HJT log it says: "O20 - AppInit_DLLs" but that's it, it has no included information but that. I read on google that it could be a possible infection of sorts, but they never really told me how to check if it was or not.

Does anyone know how to check it to see if it's a problem? Also, could someone double check my log to make sure there wasn't anything I missed?

 

[CCT]

I believe you are just seeing a NEW category (application initiated DLL's) under which you have none running.

 

[TimeParadoX]

I believe you are just seeing a NEW category (application initiated DLL's) under which you have none running.

Oh... Well if that's the case, thank you.

 

[CCT]

Some further info - appears you DID get rid of something - that is a registry remnant I suppose;

http://wiki.castlecops.com/Malware_Removal:_Virtumundo

 

[Blind Dragon]

The AppInit_DLLs registry value contains a list of dlls that will be loaded when user32.dll is loaded (hjt may not always show them all either)

Though malware (especially vundo) will often use this key. There isn't a left over from a malicious file or it would say xxxxxxxx.dll (file missing)

It doesn't matter if you fix it or not - I would leave it be

Unless you are having problems then we could dig deeper into the registry

 

[TimeParadoX]

I did have a problem with Vundo and Virtumundo awhile back, I was hosting a server on my computer ( FTP ) so I had to disable my AV and Firewall for it to work. After about a week of doing this I turned off the server and scanned and found about 7 viruses and VundoFix found a entity infected with Vundo.

I did a scan with my Avast! yesterday and it didn't find it anything, I'll also try VundoFix, SmithFraudFix and VirtumundoBeGone.

-edit-

Nothing found with all three of the tools, so I guess the AppInit_DLLs is just a clean entity. If any problems do arise in the future I'll repost here.

 

[Blind Dragon]

These guys actually have one of the biggest collections of vundo definitions I have seen. May be worth a scan - it also picks up all kinds of spyware, adware, ect. Its free and probably the best scanner since ewido or AVGAS

1.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.