GreatNate1312 wrote:
Hi there, I am infamous for being a nag on here so sorry about that...
I believe my computer is being affected by spyware. Today randomly a popup came up that said "Do you want to open or save g.js from adadvisor.net?" I have no idea what prompted that to come up, but I assume it's spyware.
Also in the Norton history logs there is a listing of xdlqzl.dll under the source file rundll32.exe behaving oddly and being removed.
user/appdata/nate/local/apple computer/apple/xdlqzl.dll removed, is what Norton reads.
Now when I restarted my computer just now, some sort of Windows error message came up saying that a specific module cannot be found in the location I listed above. Oddly enough this is the same area Norton said they fixed. This makes me think that Norton has not completely resolved the issue...because error messages are appearing that are in correspondence with that file.
I really hope I can get some help on here, thank you. As of now I am running a full system Super Anti Spyware Scan.
I have a Windows 7 Home Premium system, and am running the newest version of Norton Internet Security.
Hi, GreatNate1312. The g.js is a JavaScript file. Adadvisor.net is an advertising-tracking company (tracking cookies).
The xdlqzl.dll and its "odd behaviour" running under rundll32.exe is typical confirmation for an active malware infection. If NIS removed the file - and you are getting messages complaining about that - then the removal process NIS used to repair the infection is incomplete. Thus, your problem is occurring because until the infection is removed completely - whatever remains will reinfect you in order to restore the infection to full working status.
Here is what I have found about the problem:
1. You are not alone. There is an active investigation for this item going on at bleepingcomputer as well. (Google "g.js from adadvisor.net" for more info.)
2. Whatever it is - it is so new that none of the standard utilities seem to be able to detect what-it-is as yet.
3. Whatever it is - it is very "smart". Standard malware investigative tools used at bleepingcomputer are sorta-detecting "something" - but there's not much more info than that.
4. The experts at bleepingcomputer do think it's malware. Investigations with the user there (who has the same problem as you) are current and ongoing.
Recommendations:
1. Report your problem to Symantec as a possible new virus infection: https://submit.symantec.com/websubmit/retail.cgi
2. Track the thread at bleepingcomputer. These guys are one of the best anti-malware teams in the world. If there's a problem, they'll find it. If it's a false alarm - they'll find out why that's happening as well.
3. Is your version of Java current and up-to-date? There is a known weakness in older versions of Java that is being actively exploited by current malware. You need the new Java to prevent infection/reinfection cycles.
Hope this helps.