Author Topic: Mal-Ware  (Read 2656 times)

Mortamus

  • Guest
Mal-Ware
« on: December 02, 2009, 12:53:11 AM »
I found some mal-ware on an XPsp2 machine called sinuzuta.dll. Avast did not catch this. Has anyone heard of it, and if so, is there any way to get rid of it? I have tried running through the registry deleting every instance that I find, but it replicates on reboot.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37700
Re: Mal-Ware
« Reply #1 on: December 02, 2009, 01:01:44 AM »
http://www.prevx.com/filenames/390937124965927120-X1/SINUZUTA.DLL.html

Try this

MBAM http://filehippo.com/download_malwarebytes_anti_malware/
update and run quick scan, click the button "remove selected" to quarantine anything found

SAS http://filehippo.com/download_superantispyware/

Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26

Come back and post scan logs here.

And update your WinXP to SP3. A total of 1,174 fixes were included in SP3 when released in 2008, plus all later fixes.
« Last Edit: December 02, 2009, 01:07:29 AM by Pondus »

Mortamus

  • Guest
Re: Mal-Ware
« Reply #2 on: December 02, 2009, 01:47:30 AM »
cool thx will give it a go.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34065
  • malware fighter
Re: Mal-Ware
« Reply #3 on: December 02, 2009, 07:06:13 PM »
Hi Mortamus,

The filename SINUZUTA.DLL was last seen on 01.16.2009, and it is considered unsafe.

Threat name: Win32.X
Filename: [System32Root]\sinuzuta.dll
Filesize: Unknown
Last seen: 01.16.2009
Status: Known as unsafe.

This file can perform the following behavior:

- Usually created by an unsafe process.
- Registered as a Dynamic Link Library File.
- Usually has a random filename and refers to many versions of a dynamic link library.
- Can be injected/attached to a legitimate Windows process such as explorer.exe or other.

SINUZUTA.DLL Language: English

Infected Platform: Windows 98, ME, NT, 2000, XP, Server 2003;

MD5 : ge38993lgi657vrf38993sadf7438krc3899334fd38993;

Update Time:2009-1-20 15:56:52;

Infected Times:389935

SINUZUTA.DLL File type: PE5

SINUZUTA.DLL remove instruction

1. Temporarily Disable System Restore, Reboot computer in SafeMode;

2. Locate SINUZUTA.DLL virus files and uninstall SINUZUTA.DLL files program. Follow the step-by-step on-screen instructions to complete uninstallation of SINUZUTA.DLL.

3. Delete/Modify any values added to the registry related with SINUZUTA.DLL, exit registry editor and restart the computer;

4. Clean/delete all SINUZUTA.DLL infected file(s): SINUZUTA.DLL and related, or rename SINUZUTA.DLL virus files;

5. Please delete all your IE temp files with SINUZUTA.DLL manually, and run a whole scan with an antimalware program like MBAM and/or SAS;

polonus


Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
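
Added example, not part of the original thread: for the manual registry search Mortamus describes and step 3 of the removal instructions, this Python sketch lists every value in a regedit export that references the DLL, including REG_EXPAND_SZ data that regedit writes as hex and a plain text search for the name misses. It assumes a "Version 5.00" export (hex data is UTF-16LE); the sample export, its value names and the helper names are constructed for illustration.

```python
import re

def _hex2(s):
    """Build constructed REG_EXPAND_SZ sample data: UTF-16LE hex, wrapped with '\\'."""
    h = ",".join(f"{b:02x}" for b in (s + "\0").encode("utf-16-le"))
    return "hex(2):" + h[:30] + "\\\n  " + h[30:]

# Constructed sample export; the value names and locations are invented for
# illustration and are not taken from the infection discussed in this thread.
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]",
    r'"AppInit_DLLs"="C:\\WINDOWS\\system32\\sinuzuta.dll"',
    "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"',
    '"upd"=' + _hex2(r"%SystemRoot%\system32\sinuzuta.dll"),
])

def decode_value(raw):
    """Return the text of a .reg value: quoted string or hex(1|2|7) string data."""
    raw = raw.strip()
    if raw.startswith('"'):
        return re.sub(r'\\(.)', r'\1', raw[1:-1])      # undo \\ and \" escapes
    m = re.match(r'hex\((?:1|2|7)\):(.*)', raw, re.S)
    if m:
        data = bytes(int(b, 16) for b in re.findall(r'[0-9a-fA-F]{2}', m.group(1)))
        return data.decode("utf-16-le", "replace").replace("\0", " ").strip()
    return ""                                          # dword/binary: not text

def find_references(reg_text, needle):
    """Return (key, value_name, decoded_data) for each value mentioning needle."""
    text = re.sub(r'\\\r?\n\s*', '', reg_text)         # join wrapped hex lines
    key, hits = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line) if key else None
        if m:
            data = decode_value(m.group(2))
            if needle.lower() in data.lower():
                hits.append((key, m.group(1).strip('"'), data))
    return hits

if __name__ == "__main__":
    for key, name, data in find_references(SAMPLE_REG, "sinuzuta.dll"):
        print(f"{key}\n    {name} = {data}")
```

A real Version 5.00 export is UTF-16 on disk, so read it with `open(path, encoding="utf-16")` before passing the text to `find_references`.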