Author Topic: anyone know what these files are? ijenomozolo.dll and newM20.dll?  (Read 2503 times)

EG_cali

  • Guest
I recently noticed them on msconfig startup but I don't know what they are for and how they got in my system.  I located them in the registry as well as the files themselves.  I renamed the files for now and I think that prevented them from starting up.  But before I nuke them and edit the registry, any idea what they are for?

The internet has no info on these

Offline Omid Farhang

  • Frontend Developer
  • Avast Evangelist
  • Super Poster
  • Posts: 1660
Re: anyone know what these files are? ijenomozolo.dll and newM20.dll?
« Reply #1 on: April 21, 2011, 09:48:21 AM »
Could you please do a scan with Malwarebytes Antimalware and post the log here?

Manual on how to do it: http://www.omidfarhang.com/computer/programs/malwarebytes-antimalware/usage
Twitter: OmidFarhangEn - OS: Manjaro KDE

Offline Pondus

  • Probably Bot
  • Posts: 37619
  • Not a avast user
Re: anyone know what these files are? ijenomozolo.dll and newM20.dll?
« Reply #2 on: April 21, 2011, 10:04:47 AM »
Upload the suspicious file(s) to www.virustotal.com and test with 43 malware scanners.
When you have the result, copy the URL in the address bar and post it here for us to see.

Alternatives:
VirSCAN  http://virscan.org/
Jotti  http://virusscan.jotti.org/

EG_cali

  • Guest
Re: anyone know what these files are? ijenomozolo.dll and newM20.dll?
« Reply #3 on: April 22, 2011, 03:24:08 AM »
Hi Omid,

Your suggestion came back with one of them as a trojan.  Note I just changed the .dll to .dilla for now, but at least it still checked all the files.

Folders Infected:
c:\program files\relevantknowledge (Spyware.MarketScore) -> No action taken.
c:\program files\relevantknowledge\components (Spyware.MarketScore) -> No action taken.

Files Infected:
c:\documents and settings\admin\local settings\temp\v9dd5ips.exe (Trojan.Hiloti) -> No action taken.
c:\WINDOWS\newm20.dilla (Trojan.Hiloti) -> No action taken.
c:\documents and settings\admin\local settings\Temp\0.6343254182863006.exe (Trojan.Dropper) -> No action taken.

EG_cali

  • Guest
Re: anyone know what these files are? ijenomozolo.dll and newM20.dll?
« Reply #4 on: April 22, 2011, 03:25:33 AM »
Hi Pondus,  I uploaded the ijenomozolo.dll file and this is what it came out with - so I guess they are both malicious files. 


Antivirus    Version    Last Update    Result
AhnLab-V3   2011.04.22.00   2011.04.21   -
AntiVir   7.11.6.230   2011.04.21   -
Antiy-AVL   2.0.3.7   2011.04.21   -
Avast   4.8.1351.0   2011.04.21   -
Avast5   5.0.677.0   2011.04.21   -
AVG   10.0.0.1190   2011.04.21   -
BitDefender   7.2   2011.04.22   Gen:Variant.Kazy.3281
CAT-QuickHeal   11.00   2011.04.21   -
ClamAV   0.97.0.0   2011.04.21   -
Commtouch   5.3.2.6   2011.04.21   W32/Hiloti.J.gen!Eldorado
Comodo   8429   2011.04.22   TrojWare.Win32.Trojan.XPack.~gen1
DrWeb   5.0.2.03300   2011.04.22   -
eSafe   7.0.17.0   2011.04.20   -
eTrust-Vet   36.1.8284   2011.04.21   -
F-Prot   4.6.2.117   2011.04.21   W32/Hiloti.J.gen!Eldorado
F-Secure   9.0.16440.0   2011.04.22   Gen:Variant.Kazy.3281
Fortinet   4.2.257.0   2011.04.22   -
GData   22   2011.04.22   Gen:Variant.Kazy.3281
Ikarus   T3.1.1.103.0   2011.04.21   -
Jiangmin   13.0.900   2011.04.21   -
K7AntiVirus   9.97.4451   2011.04.21   Riskware
Kaspersky   7.0.0.125   2011.04.22   -
McAfee   5.400.0.1158   2011.04.22   -
McAfee-GW-Edition   2010.1D   2011.04.21   -
Microsoft   1.6802   2011.04.21   -
NOD32   6062   2011.04.22   -
Norman   6.07.07   2011.04.21   -
Panda   10.0.3.5   2011.04.21   -
PCTools   7.0.3.5   2011.04.21   -
Prevx   3.0   2011.04.22   -
Rising   23.54.03.06   2011.04.21   -
Sophos   4.64.0   2011.04.21   Troj/Hiloti-BW
SUPERAntiSpyware   4.40.0.1006   2011.04.22   -
Symantec   20101.3.2.89   2011.04.22   Trojan.Zefarch!gen4
TheHacker   6.7.0.1.180   2011.04.21   -
TrendMicro   9.200.0.1012   2011.04.21   -
TrendMicro-HouseCall   9.200.0.1012   2011.04.22   -
VBA32   3.12.16.0   2011.04.21   -
VIPRE   9081   2011.04.22   Trojan.Win32.Cimag.gk (v)
ViRobot   2011.4.21.4422   2011.04.21   -
VirusBuster   13.6.315.0   2011.04.21   -
Additional information
MD5   : 503768fc50580313f4d6157eb6d5fe56
SHA1  : 234d504b8c0628f63a381b0420a5fb4b9d886f4e
SHA256: 7d2154e643f7702166b3202afc3fc893692b52066df184e9849aa052df848068

Offline Omid Farhang

Re: anyone know what these files are? ijenomozolo.dll and newM20.dll?
« Reply #5 on: April 22, 2011, 09:40:25 AM »
Then let Malwarebytes Antimalware remove the infections.

Before that, compress both files (plus the others detected by Malwarebytes), password-protect the archive with 'infected' and send it to virus [at] avast [dot] com