Hey there,
a photographer friend asked me to check their website for anything abnormal - she is using a Mac and got no problems, other people said they would get strange error messages with Windows machines. My anti virus software promptly announced that the site was up to no good which I told her.
However, I noticed that my Firefox slowed down massively and did some digging in my PC's registry and found that a file called
c:\windows\ilatoqa.dll
was in the run section. I was able to rename it and thought of nothing bad when today I noticed another file with a strange title:
c:\windows\arorujomurarana.dll
being called from a run section process named ilatoqa (!).
I tried to delete the registry entry and the file to no avail - registry entry re-appears, file is in use. Now I'm going to get after it with professional tools but wanted to report this strange files and their behaviour.
Anything else you need to know? Should I upload the file somewhere?
Cheers!

Suspicious DLL files
Started by
robur
, Apr 11 2009 09:07 PM
3 replies to this topic
#1
Posted 11 April 2009 - 09:07 PM
#2
Posted 11 April 2009 - 09:36 PM
It would probably be a good idea to read the FAQ and start a topic in Malware Removal with a log for our helpers to read... You can scan the files if you wish, but it is likely that you are only finding a small part of any infection that is there...
If you want to check the files: Please go to Jotti's malware scan at http://virusscan.jotti.org/ and upload the file for scanning and post the results in the topic you start in Malware Removal.
If you want to check the files: Please go to Jotti's malware scan at http://virusscan.jotti.org/ and upload the file for scanning and post the results in the topic you start in Malware Removal.
Budfred
Helpful link: SpywareBlaster...
MS MVP 2006 and ASAP Member since 2004
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
Helpful link: SpywareBlaster...
MS MVP 2006 and ASAP Member since 2004
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
#3
Posted 11 April 2009 - 09:55 PM
Hi,
-screen317
That site appears to be infected. Send me the site name via PM please so I may investigate it.a photographer friend asked me to check their website for anything abnormal
-screen317
Please consider donating to help support the continued prompt and excellent services of this site.
#4
Guest_Senbonzakura_*
Posted 13 April 2009 - 09:55 AM
If you want to check the files: Please go to Jotti's malware scan at http://virusscan.jotti.org/ and upload the file for scanning and post the results in the topic you start in Malware Removal.
An alternative is VirusTotal