Multiple spyware problems

Hi there, I am infamous for being a nag on here so sorry about that...

 

I believe my computer is being affected by spyware. Today randomly a popup came up that said "Do you want to open or save g.js from adadvisor.net?" I have no idea what prompted that to come up, but I assume it's spyware.

 

Also in the Norton history logs there is a listing of xdlqzl.dll under the source file rundll32.exe behaving oddly and being removed.

 

  user/appdata/nate/local/apple computer/apple/xdlqzl.dll removed, is what Norton reads.

 

Now when I restarted my computer just now, some sort of Windows error message came up saying that a specific module cannot be found in the location I listed above. Oddly enough this is the same area Norton said they fixed. This makes me think that Norton has not completely resolved the issue...because error messages are appearing that are in correspondence with that file.

 

I really hope I can get some help on here, thank you. As of now I am running a full system Super Anti Spyware Scan.

 

I have a Windows 7 Home Premium system, and am running the newest version of Norton Internet Security.

I would suggest you run your scans (Norton and any other scan software) in Safe Mode. This will stop the malware from loading and protecting itself.

Ran a Malware Bytes, Super Anti Spyware and Norton Scan all in safe mode. Nothing new found and I still get the error message on regular startup. hmm?

Yesterday it happened to me....Norton deleted the xdlqzl.dll file. Now what can I do about that annoying pop-up?? It happens every time I start the computer. Come on guys at Symantec....get the hint .... we need an additional solution.

Hey

 

I have a question: when you are using the internet, are you being redirected to another webpage?

A lot of people have had a lot of problems with the Happili virus. It sounds like you are having that problem to me.

 

You can try this tool from geekstogo (otl.exe) and see if it will solve your problem.

http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

 

regards

 

Sweman

No, I'm not having that problem. I just get the error message on startup.

I still need help with that annoying error message on start up when someone is available.

Is that pop-up appearing in a browser window, or a Windows error message?

If in a browser, which one and which version? You could disable all toolbars and browser add-ons and then enable 1 at a time to see if you can find the culprit.

If a Windows error message, run msconfig and click the Startup tab. Disable everything there and enable 1 at a time to try to identify the problem.

 

 


GreatNate1312 wrote:

Hi there, I am infamous for being a nag on here so sorry about that...

 

I believe my computer is being affected by spyware. Today randomly a popup came up that said "Do you want to open or save g.js from adadvisor.net?" I have no idea what prompted that to come up, but I assume it's spyware.

 

Also in the Norton history logs there is a listing of xdlqzl.dll under the source file rundll32.exe behaving oddly and being removed.

 

  user/appdata/nate/local/apple computer/apple/xdlqzl.dll removed, is what Norton reads.

 

Now when I restarted my computer just now, some sort of Windows error message came up saying that a specific module cannot be found in the location I listed above. Oddly enough this is the same area Norton said they fixed. This makes me think that Norton has not completely resolved the issue...because error messages are appearing that are in correspondence with that file.

 

I really hope I can get some help on here, thank you. As of now I am running a full system Super Anti Spyware Scan.

 

I have a Windows 7 Home Premium system, and am running the newest version of Norton Internet Security.



 

Hi, GreatNate1312.  The g.js is a JavaScript file.  Adadvisor.net is an advertising-tracking company (tracking cookies).

 

The xdlqzl.dll and its "odd behaviour" running under rundll32.exe is typical confirmation for an active malware infection.  If NIS removed the file - and you are getting messages complaining about that - then the removal process NIS used to repair the infection is incomplete.  Thus, your problem is occurring because until the infection is removed completely - whatever remains will reinfect you in order to restore the infection to full working status.

 

 

Here is what I have found about the problem:

 

1. You are not alone.  There is an active investigation for this item going on at bleepingcomputer as well.  (Google "g.js from adadvisor.net" for more info.)

 

2. Whatever it is - it is so new that none of the standard utilities seem to be able to detect what-it-is as yet.

 

3. Whatever it is - it is very "smart".  Standard malware investigative tools used at bleepingcomputer are sorta-detecting "something" - but there's not much more info than that.

 

4. The experts at bleepingcomputer do think it's malware.  Investigations with the user there (who has the same problem as you) are current and ongoing.

 

 

Recommendations:

 

1. Report your problem to Symantec as a possible new virus infection:  https://submit.symantec.com/websubmit/retail.cgi

 

2. Track the thread at bleepingcomputer.  These guys are one of the best anti-malware teams in the world.  If there's a problem, they'll find it.  If it's a false alarm - they'll find out why that's happening as well.

 

3. Is your version of Java current and up-to-date?  There is a known weakness in older versions of Java that is being actively exploited by current malware.  You need the new Java to prevent infection/reinfection cycles.

 

 

 

Hope this helps.

 

Thank you very much for that lengthy and helpful response. I'm not exactly sure how to locate the virus file and upload it to the server.

Update: I figured out how to find the .dll file by enabling hidden viewing. I was able to find the folder where the .dll file is supposed to be, but it wasn't there. The folder is there but the .dll isn't there. The folder is named apple and it's under an apple computer folder. Now in this apple computer folder the folder in question (apple) was last updated two days ago, but as I said it's now empty. The other files such as QuickTime and iTunes were updated a few weeks ago before I caught this virus. So essentially the folder where this malware is supposed to be is there, yet the malware isn't actually there. I really need help with this issue.

My nag reputation is coming into play here...

 

HUGE UPDATE----I ran a full system Malware Bytes scan which found some malware. Here is what was found (It's some sort of registry malware)

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Apple (Trojan.Sefnit.Hap) -> Data: rundll32.exe "C:\Users\Nate\AppData\Local\Apple Computer\Apple\xdlqzl.dll",DllRegisterServer ->

 

GUESS WHAT-The popup at start up didn't come up, BUT...that darn folder named "apple" is still there where the malware was born. Any advice on this problem? I have underlined the folder in question I am speaking of above

 

Untitled.png
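Added example, not part of any post in this thread: a read-only PowerShell check for the situation described above, where a Run value still launches a DLL through rundll32.exe after the DLL has been removed, which produces the "module cannot be found" message at logon. The helper name Get-RundllTarget and the output column names are made up for this example.

```powershell
# Added example (read-only): find Run/RunOnce values that start a DLL through
# rundll32.exe and show whether that DLL still exists on disk.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Per-user locations that can be written to without administrator rights.
$userRoots = @($env:LOCALAPPDATA, $env:APPDATA, $env:TEMP) | Where-Object { $_ }

# Hypothetical helper: split a rundll32 command line into DLL path and export.
# Handles quoted paths (the form shown in the scan result) and unquoted ones.
function Get-RundllTarget([string]$CommandLine) {
    $rx = '(?i)rundll32(?:\.exe)?"?\s+(?:"(?<q>[^"]+)"|(?<u>[^,"]+))(?:\s*,\s*(?<e>\S+))?'
    if ($CommandLine -match $rx) {
        $dll = if ($Matches['q']) { $Matches['q'] } else { $Matches['u'].Trim() }
        New-Object PSObject -Property @{
            Dll    = [Environment]::ExpandEnvironmentVariables($dll)
            Export = $Matches['e']
        }
    }
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $target = Get-RundllTarget ([string]$regKey.GetValue($name))
        if (-not $target) { continue }
        $dll = $target.Dll
        New-Object PSObject -Property @{
            Key          = $key
            Name         = $name
            Dll          = $dll
            Export       = $target.Export
            # False = orphaned entry: the value survives but its DLL is gone,
            # so rundll32 reports a missing module at every logon.
            DllExists    = Test-Path -LiteralPath $dll
            # True = the DLL sits in a per-user writable directory.
            UserWritable = [bool]($userRoots | Where-Object {
                $dll.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
        }
    }
}
$report | Select-Object Key, Name, Dll, Export, DllExists, UserWritable | Format-List
```

An entry with DllExists False and UserWritable True matches the leftover described in this thread; the script only reports and changes nothing.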


Sweman wrote:

Hey

 

I have a question: when you are using the internet, are you being redirected to another webpage?

A lot of people have had a lot of problems with the Happili virus. It sounds like you are having that problem to me.

 

You can try this tool from geekstogo (otl.exe) and see if it will solve your problem.

http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

 

regards

 

Sweman



An instance of a person not knowing what they are doing,   

 

OTL listed above is an advanced tool and won't fix anything without the knowledge of a malware removalist who knows how to use it.

 

Quads


GreatNate1312 wrote:

My nag reputation is coming into play here...

 

HUGE UPDATE----I ran a full system Malware Bytes scan which found some malware. Here is what was found (It's some sort of registry malware)

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Apple (Trojan.Sefnit.Hap) -> Data: rundll32.exe "C:\Users\Nate\AppData\Local\Apple Computer\Apple\xdlqzl.dll",DllRegisterServer ->

 

GUESS WHAT-The popup at start up didn't come up, BUT...that darn folder named "apple" is still there where the malware was born. Any advice on this problem? I have underlined the folder in question I am speaking of above

 

Untitled.png


 

Some variation on Tracur

 

Quads

Hey Quads

 

I thought I was doing the right thing. I was acting from the information that was provided at that time. I am sorry if I went too far this time and went outside my knowledge zone. I hope you can understand that.

 

Sweman

The Apple folder will probably have something to do with iTunes, or a Quicktime player installed on your computer.

So all malware is off of my PC now?


GreatNate1312 wrote:

So all malware is off of my PC now?


I would say that if you have done multiple scans that come up clean, you are OK.

 

As I mentioned above, the Apple folder is for legitimate programs, and I have it on my PC for Quicktime player.