Jump to content


ORUX[^ad.dll bad or not?

  • This topic is locked This topic is locked
2 replies to this topic

#1 sean74



  • New Member
  • Pip
  • 1 posts

Posted 17 July 2004 - 11:42 PM

Helping my uncle out with a CWS About Blank issue and this is what I have found so far.

-Found a magj.dll that seemed suspicious so I renamed it magj.bak in case it's something I need to keep
-Notepad.exe was missing (not sure if the file was infected and he lost it due to an anti-virus program deleting it, or if it was just a hard drive issue.
-"fixed" everything that was suspicious using hijack this, rescanned and a file called ORUX[^ad.dll keeps popping back up.

Does anyone have any idea which variant I'm dealing with? And how I'd go about fixing it?

Oh might be worth mentioning that I ran hijack this while using remote assistance so that's why the remote assistance process is showing up.

Looking through the various running processes I couldn't identify anything as not belonging, but it definately seems like something is running somewhere.. any files that I should suspect of being compromised, or did I overlook something?


Logfile of HijackThis v1.98.0
Scan saved at 6:58:47 PM, on 7/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\user\Desktop\Stuff\HijackThis.exe

O18 - Protocol: start - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\ORUX[^ad.dll

Edited by sean74, 18 July 2004 - 12:01 AM.

#2 nasdaq


    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,146 posts

Posted 22 July 2004 - 10:15 PM

Hello sean74

The log that you have posted is not complete.

Also you are running Hijackthis form a your desktop folder which is not recommended.

Do the following.

Create a new folder in your C: Drive
Name it C:\HJT or HijackThis.

Move HijackThis.exe to that new folder and run it from there.
Submit a complete log for review.

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#3 WinHelp2002


    Taking back the Internet

  • Retired Staff
  • PipPipPipPipPip
  • 5,365 posts

Posted 18 September 2004 - 10:33 AM

Due to lack of response by the poster this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Former Microsoft MVP Posted Image 1999-2012
"There's no place like"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of

Support SpywareInfo Forum - click the button
PayPal - The safer, easier way to pay online!