Hi folks,
This is an infection with a modified version of the user32.dll created by a worm infection. Protection could be found by updating your Java version.
The cleansing method to be preferred is:
Deleting Malware Files using Recovery Console
On Windows NT, 2000, XP, and Server 2003 systems
This procedure allows the computer to restart by using the Windows installation CD.
1. Insert your Windows Installation CD in your CD-rom.
2. Press the restart button of your computer.
3. When prompted, press any key to boot from the CD.
4. When prompted on the Main Menu, type r to enter the recovery console.
(Note: On Windows 2000, after pressing r, type c to choose the Recovery Console in the repair options screen.)
5. When prompted, type your administrator password to log on.
6. Once logged in, type the drive that contains Windows in the command prompt that appears, then press Enter.
7. Type the drive that contains Windows, then press Enter.
8. Type the following, then press Enter:
del {Malware path and file name}
9. Repeat the above procedure for all files detected earlier.
10. Type exit to restart the system.
Removing Malware Keys from the Registry
This solution deletes registry keys/entries added by this malware. Before performing the steps below, make sure you know how to back up the registry and how to restore it if a problem occurs. Refer to this Microsoft article for more information about modifying your computer's registry.
1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
2. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE
3. Still in the left panel, locate and delete the following keys:
o 1
o 3
o 8
o 9
4. Again in the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Windows
5. In the right panel, locate and delete the entry:
{3 random characters}Init_Dlls = "nvaux32"
6. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion
7. In the right panel, locate and delete the following entry:
MID = "{random characters}"
8. Close Registry Editor.
Deleting the Malware File(s)
1. Right-click Start then click Search... or Find..., depending on the version of Windows you are running.
2. In the Named input box, type:
%System%\adj.j
(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.)
3. In the Look In drop-down list, select the drive that contains Windows, then press Enter.
4. Once located, select the file then press SHIFT+DELETE.
5. Repeat steps 2-4 for the following file(s):
o %System%\devh.e2
o %System%\e.spa
o %System%\nvaux32.dll
o %System%\rdxz.e
o %System%\dllcache\user32.dll
Important Windows ME/XP Cleaning Instructions
Users running Windows ME and XP must disable System Restore to allow full scanning of infected computers,
polonus
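An added example, not part of the post above: a Python check that looks for the file names and the Init_Dlls registry entry listed in the post, given a directory listing of the system folder and the decoded text of a registry export. The function names and the sample input are constructed for illustration; it covers only the files and the Init_Dlls entry, not the other registry items.

```python
import re
from pathlib import PureWindowsPath

# Names from the post, relative to %System%.
MALWARE_FILES = ["adj.j", "devh.e2", "e.spa", "nvaux32.dll", "rdxz.e"]
# Also listed in the post, but a file of this name exists on clean systems too,
# so a name match only means "compare against a known-good copy".
VERIFY_FILES = [r"dllcache\user32.dll"]

WINDOWS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
# "{3 random characters}Init_Dlls" with data "nvaux32", as a .reg export writes it.
INIT_DLLS = re.compile(r'^"(.{3}Init_Dlls)"="nvaux32"$', re.IGNORECASE)

def _norm(path):
    return str(PureWindowsPath(path)).lower()  # Windows paths are case-insensitive

def find_listed_files(system_dir, present_paths):
    """Return (malware_hits, verify_hits) for a directory listing of %System%."""
    have = {_norm(p) for p in present_paths}
    def hits(names):
        full = [str(PureWindowsPath(system_dir) / n) for n in names]
        return [f for f in full if _norm(f) in have]
    return hits(MALWARE_FILES), hits(VERIFY_FILES)

def find_init_dlls(reg_text):
    """Return names of matching values under the Windows key in decoded .reg text."""
    found, key = [], ""
    for line in (l.strip() for l in reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # remember which key the next values belong to
        elif key == WINDOWS_KEY.lower():
            m = INIT_DLLS.match(line)
            if m:
                found.append(m.group(1))
    return found

# Constructed sample input (not taken from a real machine).
SAMPLE_LISTING = [r"C:\WINDOWS\system32\NVAUX32.DLL", r"C:\WINDOWS\system32\kernel32.dll",
                  r"C:\WINDOWS\system32\dllcache\user32.dll"]
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"qzxInit_Dlls"="nvaux32"
"DeviceNotSelectedTimeout"="15"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"abcInit_Dlls"="nvaux32"
'''

if __name__ == "__main__":
    print(find_listed_files(r"C:\Windows\System32", SAMPLE_LISTING))
    print(find_init_dlls(SAMPLE_REG))
```

Registry Editor exports are usually UTF-16 encoded, so decode the file before passing its text to `find_init_dlls`.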