Vista - Unknown dll in syswow64

The following .dll is shown as starting up the process(?) "dzdqmgkyetrqrf":

quflsiblczsu.dll. According to startup.exe, this dll is located in the syswow64 folder, but a search (including hiddens) comes up empty.

I have recently been the victim of a keylogger trojan and have run 2 separate programs to remove same : Spybot & Spyware Doctor.

Is this a legitimate .dll?? If not, how do edit the registry to prevent it from working??

Hi,

this dll looks like a random one. so its better to stop executing it.

Open regedit.exe and drill down to h key local machine\software\Microsoft\windowsnt\current verson\svchost in the right pane find netsvcs, and double click that if u find these strings there just delete that sting click ok.






then drill down to h key local machine\system\CurrentControlSet\Services, there u will find a service with that random string name. expand the service select parameters, in the right pane click on image path, Rename that .dll file into .bad. restart ur system.







Good luck u wiped the dll out

Thanks for the quick response. I followed your directions, but unfortunately the .dll is still executing.

Here's a picture of what is displayed in startup.exe:

[IMG]file:///C:/Users/Fredji/AppData/Local/Temp/moz-screenshot.jpg[/IMG][IMG]file:///C:/Users/Fredji/AppData/Local/Temp/moz-screenshot-1.jpg[/IMG]

Try run Malwarebytes and/or SuperAntiSpyware ASAP. After a quickscan and perhaps reboot there is reason to believe computer is cleaned up. Especially since you say current programs detected something - then those 2 should as well and then some. May be clean up better. Not that uncommon X tool cant remove infection 100%. How special tools make money

I assume it wont help to unregister dll-file, will keep coming back, over and over. Only showing you are still infected and Spy Doctor/Spybot need help Notice the change of names, you cant remove it so easy. If you know details of infection then you dont need programs, can do it all manually after research and pin pointing but who like that?

Startup by Mike Lin is the latest and greatest in startup detection? Dont think so. Try Autoruns from Sysinternals Autoruns for Windows There is no better and it shows a lot more and is updated. You can save output and post it here if not those 2 programs mentioned do the job. Or post Hijackthis/RSIT log. "Logon" is similar to what you posted. Unless you want confirmation computer "appear" clean there should not be reason to if removal is done properly.

Thanks for the help; I finally managed to track down the instruction area (run) in the registry and removed the offending line, restarted, and it's gone

As for the file changing names, I will run what you suggested and see what happens.

Thanks again.