2

I've got a computer spewing messages from RUNDLL about errors loading "c:\windows\ajavuviy.dll". Seems to happen mostly when idle and can generate probably 40-50 error windows pretty quick.

Google came up completely empty on this. Thinking it's probably malware related, but am unsure. Anyone run across it before?

Brian Knoblauch

6 Answers

7

Assuming this is the Vundo I think it is (or at least, the Vundo we've been seeing by the metric fuckton around the office the last 2-3 weeks) it's a virus that's a pain to remove. It creates random DLL names, but deleting the DLLs just creates error messages on startup, and it simply creates more random DLLs to load.

What you have to do to get rid of it completely:

1) Download Microsoft Process Explorer (http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx).

2) Expand the rundll process.

3) Delete the gibberish DLLs attached to rundll (this will delete the part of the virus that keeps replicating).

4) Go into MSConfig and delete the startup entries for all DLLs with strange names.

5) Reboot and the virus will no longer be able to replicate, since you deleted its parents.

Happy Hamster
2

Try running the registry cleaner part of ccleaner - that will at least remove the possibility that it's just an artefact of something you've uninstalled.

Adam
  • Appears that a previous virus scan already got the virus, but left a dangling DLL in the registry. A registry cleanup took care of the remaining error (which was truly just an error at this point). MANY good suggestions here, but this is the *most* correct in this particular instance! – Brian Knoblauch May 18 '09 at 14:29
1

Right-click on it and get properties and look at the info in the Version tab. If it's empty then I'd place it under high suspicion. If there is info in there including the author / company, version #, date, etc. then it's more likely ok.

EDIT: PS - Make a copy of it and bang it against your favorite (up-to-date) virus/malware scanner.

squillman
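
A read-only way to check for the two conditions raised in the answers above, a startup entry that still points at a DLL that no longer exists (the dangling registry reference) and a DLL whose Version tab is empty, as an added example that is not from any of the posts. It assumes the entries sit under the standard Run keys; the function name `Get-RundllTarget` and the status strings are made up for this example.

```powershell
# Added example: audit Run-key entries that start a DLL through rundll32.
# Nothing is deleted or changed; the script only reports what it finds.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: pull the DLL path out of a rundll32 command line,
# e.g.  rundll32.exe "c:\windows\ajavuviy.dll",EntryPoint
function Get-RundllTarget {
    param([string]$CommandLine)
    if ($CommandLine -match '(?i)rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)') {
        return [Environment]::ExpandEnvironmentVariables($Matches[1].Trim())
    }
    return $null
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $dll = Get-RundllTarget ([string]$item.GetValue($name))
        if (-not $dll) { continue }   # not a rundll32 entry
        # Assumption: a bare file name is looked up in System32.
        if (-not [IO.Path]::IsPathRooted($dll)) {
            $dll = Join-Path $env:SystemRoot "System32\$dll"
        }
        $exists  = Test-Path -LiteralPath $dll -PathType Leaf
        $company = $null
        if ($exists) {
            # Same data the Version tab of the file's Properties dialog shows.
            $company = (Get-Item -LiteralPath $dll).VersionInfo.CompanyName
        }
        if (-not $exists) {
            $status = 'dangling reference: file is missing'
        } elseif (-not $company) {
            $status = 'no version info: copy it and scan the copy'
        } else {
            $status = "version info present: $company"
        }
        [pscustomobject]@{ Key = $key; Value = $name; Dll = $dll; Status = $status }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

An entry reported as a dangling reference is the kind that keeps producing RUNDLL load errors after the file itself has been removed.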
1

Viruses like to create DLLs with randomized names. This is most likely a virus. Do a scan immediately.

Joseph
1

If a Google search did not come up with anything (and it doesn't, I checked), it would be a relatively safe assumption that it is some sort of malware/spyware as many of them dynamically generate unique filenames. I would not think it is a "virus" though.

First thing I would do is run "msconfig" from start->run and look through your startup section to disable anything fishy and reboot.

You can also try to rename that dll to something like ajavuviy.dll.bak to see if anything breaks.

Run a good adware/malware scan such as Ad-Aware.

WerkkreW
1

To be sure it's not malware, run the Microsoft Malware Removal tool, just by typing

 mrt.exe

in your search box / run box.

splattne