Windows Vista Forums

Unknown dll in syswow64

  1. #1


    Join Date : Mar 2009
    Posts : 3
    Vista Ultimate x64
    Local Time: 23:12

    Unknown dll in syswow64

    The following .dll is shown as starting up the process(?) "dzdqmgkyetrqrf":

    quflsiblczsu.dll. According to startup.exe, this dll is located in the syswow64 folder, but a search (including hiddens) comes up empty.

    I have recently been the victim of a keylogger trojan and have run 2 separate programs to remove same : Spybot & Spyware Doctor.

    Is this a legitimate .dll?? If not, how do edit the registry to prevent it from working??

      My System SpecsSystem Spec

  2. #2
    delphin's Avatar
    Join Date : Nov 2008
    Chennai
    Posts : 636
    Windows 7
    Local Time: 08:42
    india

     

    Re: Unknown dll in syswow64

    Quote Originally Posted by Fredji View Post
    The following .dll is shown as starting up the process(?) "dzdqmgkyetrqrf":

    quflsiblczsu.dll. According to startup.exe, this dll is located in the syswow64 folder, but a search (including hiddens) comes up empty.

    I have recently been the victim of a keylogger trojan and have run 2 separate programs to remove same : Spybot & Spyware Doctor.

    Is this a legitimate .dll?? If not, how do edit the registry to prevent it from working??
    Hi,

    this dll looks like a random one. so its better to stop executing it.

    Open regedit.exe and drill down to h key local machine\software\Microsoft\windowsnt\current verson\svchost in the right pane find netsvcs, and double click that if u find these strings there just delete that sting click ok.

    -untitled-jpg

    -untitled1-jpg


    then drill down to h key local machine\system\CurrentControlSet\Services, there u will find a service with that random string name. expand the service select parameters, in the right pane click on image path, Rename that .dll file into .bad. restart ur system.

    -untitled2-jpg

    -untitled3-jpg



    Good luck u wiped the dll out

      My System SpecsSystem Spec

  3. #3


    Join Date : Mar 2009
    Posts : 3
    Vista Ultimate x64
    Local Time: 23:12


      Thread Starter

    Re: Unknown dll in syswow64

    Thanks for the quick response. I followed your directions, but unfortunately the .dll is still executing.

    Here's a picture of what is displayed in startup.exe:

    [IMG]file:///C:/Users/Fredji/AppData/Local/Temp/moz-screenshot.jpg[/IMG][IMG]file:///C:/Users/Fredji/AppData/Local/Temp/moz-screenshot-1.jpg[/IMG]

      My System SpecsSystem Spec

  4. #4
    dk70's Avatar
    Join Date : Apr 2008
    Posts : 213
    Vista Ultimate x64 SP1
    Local Time: 05:12
    denmark

     

    Re: Unknown dll in syswow64

    Try run Malwarebytes and/or SuperAntiSpyware ASAP. After a quickscan and perhaps reboot there is reason to believe computer is cleaned up. Especially since you say current programs detected something - then those 2 should as well and then some. May be clean up better. Not that uncommon X tool cant remove infection 100%. How special tools make money

    I assume it wont help to unregister dll-file, will keep coming back, over and over. Only showing you are still infected and Spy Doctor/Spybot need help Notice the change of names, you cant remove it so easy. If you know details of infection then you dont need programs, can do it all manually after research and pin pointing but who like that?

    Startup by Mike Lin is the latest and greatest in startup detection? Dont think so. Try Autoruns from Sysinternals Autoruns for Windows There is no better and it shows a lot more and is updated. You can save output and post it here if not those 2 programs mentioned do the job. Or post Hijackthis/RSIT log. "Logon" is similar to what you posted. Unless you want confirmation computer "appear" clean there should not be reason to if removal is done properly.

      My System SpecsSystem Spec

  5. #5


    Join Date : Mar 2009
    Posts : 3
    Vista Ultimate x64
    Local Time: 23:12


      Thread Starter

    Re: Unknown dll in syswow64

    Thanks for the help; I finally managed to track down the instruction area (run) in the registry and removed the offending line, restarted, and it's gone

    As for the file changing names, I will run what you suggested and see what happens.

    Thanks again.

      My System SpecsSystem Spec

Unknown dll in syswow64

Similar Threads
Thread Forum
Operating system (unknown) on unknown local disk
I'm running Vista Ultimate 64 on a 500 Gig hard drive with 3 partitions.The problem is I marked one of the partitions,not Drive C, as "active" by...
General Discussion
tmp files in SysWOW64
I have 64bit Vista Premium and a rather big problem with it. In SysWOW64\config\systemprofile there's several HTTxxxx.tmp files, ranging from a...
Vista performance & maintenance
x64 vista running processes from syswow64 directory
Hi, I have C:\Windows\SysWOW64\calc.exe It runs fine If I copy it to C:\Windows\SysWOW64\calc2.exe It will run, shows up in taskmgr but never...
Vista General
Virus sysWOW64
Ive been searching everywhere for answers i have vista home premium with windows live care anti virus in perfect condition and it detected something...
Vista security
sysWOW64 backdoor malware exe's? vipconfig, vmakecab
A spyware program reports in the c:\windows\sys32 folder (NOT where these files are located, actually) 13 'system backdoor' executables in my month...
System Security
SysWOW64??
I located a spyware SYSLEM.EXE and sucessfully cleaned it.I found it in the folder "C:\Windows\SysWOW64\". But this folder seems to contain files n...
Vista General
SysWOW64 is 92 gb!!!
Hey I hope someone here can help me because I am completely lost.... I put VISTA on my brothers machine. (I run it on mine and have for a few...
General Discussion