what is this file C:\windows\Dzexaluxoc.dll

Kalyanaraman S.

I have been cleaning up my system and post clean-up, I do get an error
message "Cannot find the file C:\windows\Dzexaluxoc.dll; Module will not be
loaded". I do not know what this file does or what this module is all about!

I have tried finding it from another system that does not have such a problem
and still I am none the wiser. Any assistance would be greatly appreciated.

Cheers

Regards
Kalyanaraman S.
 
R. McCarty

It's not a standard component of Windows. If it were, then Windows
File Protection would automatically install a replacement. It's likely a
remnant startup call from some form of Malware. You can download
and install AutoRuns to locate where the start call is being made from.
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
*The other tip-off that it's "Bogus" is its file location. Windows does
not normally store Dynamic Link Libraries in the \Windows path.
 
PA Bear [MS MVP]

You are seeing the effects of a hijackware infection!

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan!

2. WinXP ONLY!! => Run the Windows Live Safety Center's 'Protection' scan
(only!) in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

3. Run a /thorough/ check for hijackware, including posting the requested
logs in an appropriate forum, not here.

Checking for/Help with Hijackware
http://aumha.net/viewtopic.php?f=30&t=4075
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://www.dslreports.com/forum/cleanup, http://aumha.net/viewforum.php?f=30
or other appropriate forums.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
 
Guest

PA Bear,

What are your facts for saying this is malware? It's just a guess. Could be
a trojan or a spyware file. Trojans aren't technically classed as malware.
Most just download other apps but malware disables antivirus programs &
other security measures.

That Microsoft tool is downloaded via Windows Updates each month & doesn't
pick up a lot of items & only looks in the usual places.
 
nass

Kalyanaraman S. said:
I have been cleaning up my system and post clean-up, I do get an error
message "Cannot find the file C:\windows\Dzexaluxoc.dll; Module will not be
loaded". I do not know what this file does or what this module is all about!

I have tried finding it from another system that does not have such a problem
and still I am none the wiser. Any assistance would be greatly appreciated.

Cheers

Regards
Kalyanaraman S.


This is a viral malware acting as a backdoor for a Trojan!

You can look into your Windows Explorer and right-click it to see the
properties of that file.

Go through these cleaning steps:
1... Click Start >> Control Panel >> double-click Network and Internet
Connections >> double-click Internet Options. On the IE Properties window
you will see these options:
General | Security | Privacy | Content | Connections | Programs | Advanced

Click on the General tab (1st tab on the left) and you will see a button called
[Clear History...]; click on it to clear your History caches, then click on
[Delete Files...] to delete Internet files created over time, and click on
[Delete Cookies...] to delete the cookies left by visiting websites.

Then click on the Advanced tab and scroll down to the Browsing option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) - uncheck this box.

Then try to disable the add-ons somehow installed on your browser. To
disable the add-ons, follow this:
Click on the Programs tab and then click the Manage Add-Ons button; there,
disable the Non/Not Verified plug-ins/add-ons (you need to re-enable them
one by one later and see which is the culprit).
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html

Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (off-line scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html

You can download this tool "AutoRuns for Windows"
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
And remove the entry from here:

Locate this key:
[-]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Look in the right pane/window and remove the entry for
"C:\Windows\Dzexaluxoc.dll"

Run disk clean up then this command:
sfc /scannow

HTH,
nass

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^ http://www.nasstec.co.uk ^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
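
An added example, not part of any post in this thread: a report-only PowerShell check that lists Run-key entries whose target file is missing, which is the situation behind the "Cannot find the file ... Module will not be loaded" message. The function names and the list of keys checked are this example's own choices, and it assumes PowerShell 3.0 or later.

```powershell
# Added example: report-only check for Run-key entries that point at a missing file.
# The key list and function names are this example's choices, not from the thread.
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-AutostartTarget {
    # Return the file an autostart command line actually loads.
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    # A DLL cannot start by itself; when rundll32 is the host, the DLL is the target.
    $cmd = $cmd -replace '^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+', ''
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }      # quoted path
    if ($cmd -match '^(.+?\.(?:exe|dll|com|bat|cmd|scr|cpl))(?=[\s,]|$)') {
        return $Matches[1]                                    # unquoted, may contain spaces
    }
    return ($cmd -split '[\s,]')[0]                           # fallback: first token
}

function Test-TargetPresent {
    param([string]$Target)
    if (-not $Target) { return $false }
    if ($Target -match '^[A-Za-z]:\\|^\\\\') {
        # Full path: the file must exist exactly there.
        return Test-Path -LiteralPath $Target -PathType Leaf
    }
    # Bare file name: resolve it through PATH instead of the current directory.
    return [bool](Get-Command $Target -CommandType Application -ErrorAction SilentlyContinue)
}

function Get-OrphanedRunEntry {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $reg = Get-Item $key
        foreach ($name in $reg.GetValueNames()) {
            $raw = [string]$reg.GetValue($name)
            if (-not $raw) { continue }
            $target = Get-AutostartTarget $raw
            if (-not (Test-TargetPresent $target)) {
                # Emit one object per leftover entry; nothing is deleted.
                [pscustomobject]@{
                    Key = $key; Name = $name; Command = $raw; MissingTarget = $target
                }
            }
        }
    }
}

Get-OrphanedRunEntry | Format-List
```

Nothing is modified; each reported entry is a candidate for manual review before it is removed.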
 
Guest

Nass,

If the file is in the run key then it will be started with Rundll32.exe
otherwise it wouldn't do anything. If it's plugged in to the registry then
it will be in the Winlogon key not run & will require explorer.

--
SPAMCOP User



 
Alister

SPAMCOP said:
PA Bear,

What are your facts for saying this is malware? It's just a guess. Could
be a trojan or a spyware file. Trojans aren't technically classed as
malware. Most just download other apps but malware disables antivirus
programs & other security measures.

That Microsoft tool is downloaded via Windows Updates each month & doesn't
pick up a lot of items & only looks in the usual places.

I agree the Microsoft tool is limited, but I totally disagree with you
otherwise.
Malware is a general term for software programs that have been designed
with or can be used for malicious intent. These include viruses, worms
and Trojans.
A Trojan /is/ malware and PA Bear is quite correct to warn the OP about
its presence. A pedantic discussion on a point of semantics is not helpful.

Flame On!!

Alister
 
Guest

Alister,

Technically they aren't malware.

Malware are malicious programs that disable antivirus etc. Trojans download
or open backdoors. Worms eat files & attach themselves to them.
 
Alister

SPAMCOP said:
Alister,

Technically they aren't malware.

Malware are malicious programs that disable antivirus etc. Trojans
download or open backdoors. Worms eat files & attach themselves to them.

Hmm, not sure where you get your definition from.
My understanding has always been that Malware is a blanket term for
/any/ malicious software - that's where the term comes from. I have used
it as such for many years, and it seems that this is the consensus:

http://www.yourdictionary.com/hacker/malware

Comes in many forms and can be any program or source code producing
output that the computer owner does not need, want, or expect. For
example, malware can be a remote access Trojan horse that can not only
open a back door to a remote computer but also control someone’s
computer or network from a remote location. Malware includes viruses,
worms, Trojan horses (that can, for example, spy on the system and
display ads when the user least expects it), and malicious active
content arriving through email or Web pages visited. These forms of
malware normally run without the knowledge and permission of the user.


http://en.wikipedia.org/wiki/Malware

Software is considered malware based on the perceived intent of the
creator rather than any particular features. Malware includes computer
viruses, worms, trojan horses, most rootkits, spyware, dishonest adware,
crimeware and other malicious and unwanted software. In law, malware is
sometimes known as a computer contaminant, for instance in the legal
codes of several U. S. states, including California and West Virginia.

Alister.
 
nass

Hi Cop,
It's not always the case; you can use the linker to access other
applications for other developers on the OS even without having a complete
program written.
The dynamically linked libraries are, as the name says, a linker to an
application; the OS reads these DLLs on boot-up and makes the programs/apps
ready to be used after a boot-up.

Improving Application Startup Time
http://msdn.microsoft.com/en-us/magazine/cc163655.aspx
<Q::>
Think in Terms of Scenarios. Scenarios can help you focus on what is really
important. For instance, if you are designing a component that will be used
at startup, it is likely that the component will be called only once (when
the app starts). From a performance point of view you want to minimize the
use of external resources, such as network or disk, because they are likely
to be a bottleneck. If you don't take into account that the component will be
used at startup, you could spend time optimizing code paths without seeing
any significant improvement. The reason is that most of the startup time will
be spent loading DLLs or reading configuration files.
</Q::>

In the OP's case the process has been terminated by the AV, and still some
linker left in the startup and in the registry needs a manual intervention!

If it is in the Winlogon, it means the machine is dead!!!
The OP will not be able to clean from inside Windows, as the viral infection
installs itself as Admin with full control on the machine. In some scenarios,
if the code is destructive there is no way to clean the machine; the only way
is a clean install, and in some cases the malicious creator can go beyond that
and write off the HDD (destroy the sectors of the HDD).



SPAMCOP User said:
Nass,

If the file is in the run key then it will be started with Rundll32.exe
otherwise it wouldn't do anything. If it's plugged in to the registry then
it will be in the Winlogon key not run & will require explorer.

--
SPAMCOP User



 
David H. Lipman

From: "SPAMCOP User" <spamcop_user@no_mail.haha>

| Alister,

| Technically they aren't malware.

| Malware are malicious programs that disable antivirus etc. Trojans download
| or open backdoors. Worms eat files & attach themselves to them.

| --
| SPAMCOP User

I'm sorry...
You are incorrect.

Malware is the high level name for all malicious software (aka malicious code) such as
trojans, viruses, worms, exploitation code, etc. A malicious javascript is malware. A
malicious .CLASS file in or outside a Java Jar is malware. A malicious HTML file using a
form of IFrame is malware. The Conficker worm is malware. The Lovsan/Blaster worm is
malware. A macro in a MS Word document that causes all subsequent Word documents to
contain that macro is malware (macro virus).

Viruses are self replicating malware. They can be file infectors that insert, append or
prepend code to executables and spread through this action.
Other viruses may self replicate through the use of network protocols. These are Internet
worms. For example, one that uses email via SMTP or one that uses NNTP. Many may use TCP
over IP or SMB protocols to spread as well. Other worms may spread via the use of the
AutoRun/AutoPlay features of the OS. They are AutoRun worms. Other viruses may use the
boot sector to spread, with examples such as the "NYB" and "Form". Many viruses can be
complex and use a variety of ways to spread. The Conficker worm uses TCP/IP in a
vulnerability/exploitation vector as well as the AutoRun/AutoPlay capability.

Trojans and viruses can have the SAME payload. The difference is a trojan does NOT self
replicate. That is, they need assistance to spread, such as Social Engineering (the Human
Exploit) or the software vulnerability/exploitation vector. Trojans can also "trojanize"
another file. That is, a given trojan may insert, append or prepend code to a legitimate
file to make that legitimate file act maliciously. However once that file has been
trojanized it can infect or trojanize another file and that is why it is not a virus.

If you had a piece of malware that opens a TCP port for remote access then you may call
that a remote access trojan (RAT). If that same piece of malware also had the ability to
infect another PC, spread, via TCP port 445 then it would be an internet worm (virus) that
had remote access capability.

Now when you say "...malicious programs that disable antivirus etc...". That is true.
That is a type of payload and is symptomatic of an infection. A trojan RootKit may do
this; likewise a virus may do this as well. This would be an example of malware's
tendency for self preservation. The longer it exists on the infected/affected PC the
longer it may perform its function or payload. For example making your PC act as a zombie
spammer or making your PC act as a proxy server.

When you said "...Trojans download or open backdoors". That is also true but viruses can
and will do this as well.

When you stated "Worms eat files & attach themselves..." that is false. Worms self
replicate, spread, by worming their way through the use of network protocols such as in
TCP/IP or high level functionalities such as AutoPlay/AutoRun.

An example of an AutoRun worm would be something like the SillyFDC which will infect
removable read/write media. Insert a thumb drive in a PC infected with the SillyFDC and
it will install itself onto the thumbdrive. Remove said thumbdrive and insert it on
another PC and via the AutoPlay/AutoRun capability of the OS that PC will too become
infected.
 
