3 replies to this topic

[robur]

Hey there,

a photographer friend asked me to check their website for anything abnormal - she is using a Mac and got no problems, other people said they would get strange error messages with Windows machines. My anti virus software promptly announced that the site was up to no good which I told her.

However, I noticed that my Firefox slowed down massively and did some digging in my PC's registry and found that a file called

c:\windows\ilatoqa.dll

was in the run section. I was able to rename it and thought of nothing bad when today I noticed another file with a strange title:

c:\windows\arorujomurarana.dll

being called from a run section process named ilatoqa (!).

I tried to delete the registry entry and the file to no avail - registry entry re-appears, file is in use. Now I'm going to get after it with professional tools but wanted to report this strange files and their behaviour.

Anything else you need to know? Should I upload the file somewhere?

Cheers!

[Budfred]

It would probably be a good idea to read the FAQ and start a topic in Malware Removal with a log for our helpers to read... You can scan the files if you wish, but it is likely that you are only finding a small part of any infection that is there...

If you want to check the files: Please go to Jotti's malware scan at http://virusscan.jotti.org/ and upload the file for scanning and post the results in the topic you start in Malware Removal.

[screen317]

Hi,

a photographer friend asked me to check their website for anything abnormal

That site appears to be infected. Send me the site name via PM please so I may investigate it.

-screen317