wotuzapi.dll and Software Distribution Service 3.0

[usfinecats]

I noticed my computer behaving mighty odd today and yesterday. I discovered
in the HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Windows
AppInit_Dlls that there were odd settings! (this setting is very bad
news, it causes dll's to get attached to everything!).

Also noticed in HKLM\Software\Microsoft\Windows\CurrentVersion\Run
more odd settings:

In both cases there were references to wotuzapi.dll, mokehohi.dll,
hewalots.dll,


Wotuzapi.dll is known maleware, I could not find references to the others.
When I tried to manually delete these values, they IMMEDIATELY were restored
, grr!

Fortunately, I had a "restore point" from just a few days prior and was able
to restore before they were installed. In the Restore Point tool it
indicated that a recent update was done by Software Distribution Service 3.0.


I don't know if Software Distribution Service 3.0 is the cause of this
wasted day, but restoring prior to it saved my bacon.

 

[David H. Lipman]

From: "usfinecats" <[email protected]>

| I noticed my computer behaving mighty odd today and yesterday. I discovered
| in the HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Windows
| AppInit_Dlls that there were odd settings! (this setting is very bad
| news, it causes dll's to get attached to everything!).

| Also noticed in HKLM\Software\Microsoft\Windows\CurrentVersion\Run
| more odd settings:

| In both cases there were references to wotuzapi.dll, mokehohi.dll,
| hewalots.dll,


| Wotuzapi.dll is known maleware, I could not find references to the others.
| When I tried to manually delete these values, they IMMEDIATELY were restored
| , grr!

| Fortunately, I had a "restore point" from just a few days prior and was able
| to restore before they were installed. In the Restore Point tool it
| indicated that a recent update was done by Software Distribution Service 3.0.


| I don't know if Software Distribution Service 3.0 is the cause of this
| wasted day, but restoring prior to it saved my bacon.
| --
| Gak -
| Finecats

You had "malware" and may still be infected !

I suggest you download, install and update Malwarebytes' Anti-Malware and perform a scan
of the platform.

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

 

[MowGreen]

All updates create a restore point with the title " Software
Distribution Service 3.0 ". The update (s) did not infect the system.
Although it's apparent that the restore point you used did not contain
whatever infected the system, suggest you follow Mr. Lipman's advice to
ensure the system is still clean.
First, empty the %temp% subfolder *after* rebooting the system and then
empty Internet Explorer's Temporary Internet Files to decrease the
amount of MBAM's scan and to protect against those locations containing
any "undesired" files.

To empty your User Account's Temp folder click Start > Run > enter
%temp%
Click OK.
Delete IE's TIF by opening Internet Options in the Control Panel so that
IE is closed when you do that.

MowGreen
===============
*-343-* FDNY
Never Forgotten
===============

banthecheck.com
"Security updates should *never* have *non-security content* prechecked"