wotuzapi.dll and Software Distribution Service 3.0

Discussion in 'Windows XP Security' started by usfinecats, Dec 3, 2009.

  1. usfinecats

    usfinecats Guest

    I noticed my computer behaving mighty odd today and yesterday. I discovered
    in the HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Windows
    AppInit_Dlls that there were odd settings! (this setting is very bad
    news, it causes dll's to get attached to everything!).

    Also noticed in HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    more odd settings:

    In both cases there were references to wotuzapi.dll, mokehohi.dll,
    hewalots.dll,


    Wotuzapi.dll is known maleware, I could not find references to the others.
    When I tried to manually delete these values, they IMMEDIATELY were restored
    , grr!

    Fortunately, I had a "restore point" from just a few days prior and was able
    to restore before they were installed. In the Restore Point tool it
    indicated that a recent update was done by Software Distribution Service 3.0.


    I don't know if Software Distribution Service 3.0 is the cause of this
    wasted day, but restoring prior to it saved my bacon.
    --
    Gak -
    Finecats
     
    usfinecats, Dec 3, 2009
    #1
    1. Advertisements

  2. From: "usfinecats" <>

    | I noticed my computer behaving mighty odd today and yesterday. I discovered
    | in the HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Windows
    | AppInit_Dlls that there were odd settings! (this setting is very bad
    | news, it causes dll's to get attached to everything!).

    | Also noticed in HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    | more odd settings:

    | In both cases there were references to wotuzapi.dll, mokehohi.dll,
    | hewalots.dll,


    | Wotuzapi.dll is known maleware, I could not find references to the others.
    | When I tried to manually delete these values, they IMMEDIATELY were restored
    | , grr!

    | Fortunately, I had a "restore point" from just a few days prior and was able
    | to restore before they were installed. In the Restore Point tool it
    | indicated that a recent update was done by Software Distribution Service 3.0.


    | I don't know if Software Distribution Service 3.0 is the cause of this
    | wasted day, but restoring prior to it saved my bacon.
    | --
    | Gak -
    | Finecats

    You had "malware" and may still be infected !

    I suggest you download, install and update Malwarebytes' Anti-Malware and perform a scan
    of the platform.

    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
    David H. Lipman, Dec 3, 2009
    #2
    1. Advertisements

  3. usfinecats

    MowGreen Guest

    All updates create a restore point with the title " Software
    Distribution Service 3.0 ". The update (s) did not infect the system.
    Although it's apparent that the restore point you used did not contain
    whatever infected the system, suggest you follow Mr. Lipman's advice to
    ensure the system is still clean.
    First, empty the %temp% subfolder *after* rebooting the system and then
    empty Internet Explorer's Temporary Internet Files to decrease the
    amount of MBAM's scan and to protect against those locations containing
    any "undesired" files.

    To empty your User Account's Temp folder click Start > Run > enter
    %temp%
    Click OK.
    Delete IE's TIF by opening Internet Options in the Control Panel so that
    IE is closed when you do that.

    MowGreen
    ===============
    *-343-* FDNY
    Never Forgotten
    ===============

    banthecheck.com
    "Security updates should *never* have *non-security content* prechecked"





    usfinecats wrote:

    > I noticed my computer behaving mighty odd today and yesterday. I discovered
    > in the HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Windows
    > AppInit_Dlls that there were odd settings! (this setting is very bad
    > news, it causes dll's to get attached to everything!).
    >
    > Also noticed in HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    > more odd settings:
    >
    > In both cases there were references to wotuzapi.dll, mokehohi.dll,
    > hewalots.dll,
    >
    >
    > Wotuzapi.dll is known maleware, I could not find references to the others.
    > When I tried to manually delete these values, they IMMEDIATELY were restored
    > , grr!
    >
    > Fortunately, I had a "restore point" from just a few days prior and was able
    > to restore before they were installed. In the Restore Point tool it
    > indicated that a recent update was done by Software Distribution Service 3.0.
    >
    >
    > I don't know if Software Distribution Service 3.0 is the cause of this
    > wasted day, but restoring prior to it saved my bacon.
     
    MowGreen, Dec 3, 2009
    #3
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Anita

    winlonon problems with shlwapi.dll & msgina.dll

    Anita, Sep 12, 2003, in forum: Windows XP Security
    Replies:
    0
    Views:
    236
    Anita
    Sep 12, 2003
  2. Bill Menees

    RSAEnh.dll == RSABase.dll on XP SP1?

    Bill Menees, Oct 7, 2003, in forum: Windows XP Security
    Replies:
    2
    Views:
    656
    Bill Menees
    Oct 8, 2003
  3. Bill Condie

    software distribution services

    Bill Condie, Sep 15, 2006, in forum: Windows XP Security
    Replies:
    1
    Views:
    189
    Bill Condie
    Sep 15, 2006
  4. Frank B Denman
    Replies:
    0
    Views:
    1,846
    Frank B Denman
    Nov 17, 2006
  5. Durward Rogers

    Restore Kernel32.dll dnsapi.dll powrprof.dll and wininet.dll

    Durward Rogers, Nov 13, 2009, in forum: Windows XP Security
    Replies:
    1
    Views:
    1,253
    Oceana
    Dec 12, 2009
Loading...

Share This Page