Author |
Message |
Lobo
419Eater is my life
Joined: 04 Aug 2007
Posts: 368
Location: Adrift in cyberspace
|
Posted:
Wed Oct 29, 2008 2:48 am |
|
I have WinPatrol installed on my laptop (XP SP2). I rebooted it earlier today, and since that time WinPatrol keeps complaining about a new IE add-on.
The add-on is listed as:
C:\windows\system32\opnlJaWP.dll
I keep saying no to adding it, and it keeps popping up. I've tried a Google search, with no results returned.
I haven't installed anything on the laptop today, just surfed the web.
Anyone have any ideas what this .dll is for? Is it safe to go in and remove? |
_________________ x8 x19
Lobo's List of Lads that can't spell F*CK:
DONT FULK WITH US PAUL !! Agent Monday Snipper
FORK YOUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU Moses Modese
"write to me and tell to me more about myself" KristinaLove
"i might be shit to another time which might be in 3weeks or 1month" Raymond Miller mass bait
"you will be pilled to death" Adamu Ibrahim
"why is western union hard this time please?" Mr. Morgan
JOIN THE PACK! |
|
|
|
bill2
Baiting Guru
Joined: 10 Sep 2006
Posts: 5495
Location: Yeah who can tell me where I am?
|
Posted:
Wed Oct 29, 2008 2:51 am |
|
|
|
|
Ex.
Nature's Asshole
Joined: 28 Dec 2007
Posts: 990
Location: Hell's Presidential Suite
|
Posted:
Wed Oct 29, 2008 4:33 am |
|
Firefox FTW. |
_________________ YOU ARE JUST A CHILD WHOO SIT BEHIND HIS COMPUTER MASSTERBATI NG FO HISS FAMILLY - D3nnis M4rk, my lost Safari.
JACK B QUICK YOU ARE NATURES ASHOLE DO NOT EMAIL ME ANYMORE OK - R0ger Jon3s (Right you are mate)
i much prefer s3x in the 4ss - B4rrister 0luwa
x28 x9
x97 (Updated 02/20/09) |
|
|
|
Lobo
419Eater is my life
Joined: 04 Aug 2007
Posts: 368
Location: Adrift in cyberspace
|
Posted:
Wed Oct 29, 2008 8:13 am |
|
@Ex I only use Firefox and have for some time. IE can kiss my...
Anyone have any suggestions as to how I can get rid of the damn dll??
I've tried going in through safe mode, couldn't rename or delete.
I used a couple of freeware utilities: Unlocker, & Fileutilities' "moveonboot".
Ran IE (ughhhh) and disabled the add-on in add-on manager.
In each case, it's still there after reboot. It's integrated with the winlogon service, so I'm not sure how to proceed... |
|
|
|
Ex.
Nature's Asshole
Joined: 28 Dec 2007
Posts: 990
Location: Hell's Presidential Suite
|
Posted:
Wed Oct 29, 2008 8:19 am |
|
ah ok I apologize, I thought you were one of ...... you know ..... the Others. In any case, have you tried AVG? |
|
|
|
Lobo
419Eater is my life
Joined: 04 Aug 2007
Posts: 368
Location: Adrift in cyberspace
|
Posted:
Wed Oct 29, 2008 8:26 am |
|
Never mind folks. I DL'd HijackThis and it seems to have taken care of the problem.
Edit: no it didn't. Back to the drawing board... |
|
|
|
wokabo
Master of Master Baiters
Joined: 23 Sep 2004
Posts: 825
Location: best beer country in onomatopoeia world
|
Posted:
Wed Oct 29, 2008 8:35 am |
|
The file name "opnlJaWP.dll" may indicate that it's a randomly generated name, so most probably it is produced by (and contains) malware.
If you can trace the actual file back, store it in a password protected zip and send it to Symantec (or whatever AV you like better) for analysis. |
_________________
Fight My Brute |
|
|
|
Lobo
419Eater is my life
Joined: 04 Aug 2007
Posts: 368
Location: Adrift in cyberspace
|
Posted:
Wed Oct 29, 2008 9:07 am |
|
Seems to be gone after this last reboot. I missed a few entries in the registry. Then had to stop winlogon, and delete the file before allowing the system to reboot.
(Just in case someone else needs to get rid of this &$q*$*# file...) |
|
|
|
SlapHappy
Baiting Guru
Joined: 15 May 2006
Posts: 9612
Location: Floating up and down with happiness.
|
Posted:
Wed Oct 29, 2008 10:21 am |
|
Hmm. I was going to suggest turning off system restore before trying to remove it. Most malware will copy itself into system restore files, and re-infect the system when it's rebooted. If it comes back, try that. |
_________________ x Reven U., Fats Walla, Donny
x10 X2 MM:Mikex2, JohnK, D@rlington, Ob1, Armstrong, Ismail, TG&Friend
x3 Nancy, Security Guy, Robert Accra-Tamale
(19 mo.) Tina and Joe's Safari - Accra to Niger & Timbucktu
Z@ke & Charlie -Wulugu Or Bust Safari- Lagos to Paga & Tokwari X2 - 3800mi.
x3 H3ctor & C@leb - Yankar1 & Parakou
x2 Charles and Friend-Amsterdam to Vatican
Issac to Chad
Be A Cool Cat, Like Me Trophy Videos Cool Stuff
|
|
|
|
manbiteslion
Baiting Guru
Joined: 12 Dec 2007
Posts: 4816
Location: Connecting my chair and keyboard
|
Posted:
Wed Oct 29, 2008 9:15 pm |
|
Random name = shitware, pretty much guaranteed. HijackThis will remove the hook into IE but not necessarily the file itself.
Be wary, shitware like this tends to dig itself right in deeply, and can come back - it's like a cheating spouse, once the trust is gone, it's gone. Flatten and Rebuild if you possibly can (it has other benefits too, you'll be surprised how much faster your PC will be for a rebuild!) |
|
|
|
|
|
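The point made in the posts above, that removing the IE hook does not remove a DLL that is also loaded through Winlogon, shown as an added example (not code from any poster in this thread). It assumes the DLL showed up in a HijackThis log as both an O2 (Browser Helper Object) and an O20 (Winlogon Notify) entry; the log excerpt, the CLSIDs and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed HijackThis-style excerpt (not taken from the thread).
# CLSIDs and the "Example" entries are placeholders.
SAMPLE_LOG = r"""
O2 - BHO: Example Reader Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\ExampleReader\helper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\windows\system32\opnlJaWP.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O20 - Winlogon Notify: opnlJaWP - C:\WINDOWS\system32\opnlJaWP.dll
O20 - Winlogon Notify: examplelogon - C:\WINDOWS\system32\examplelogon.dll
"""

# O2 = Browser Helper Object (IE add-on), O20 = Winlogon Notify package.
HOOK_PATTERNS = {
    "BHO": re.compile(r"^O2 - BHO: .*? - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$"),
    "WinlogonNotify": re.compile(r"^O20 - Winlogon Notify: .*? - (?P<path>.+)$"),
}


def parse_hooks(log_text):
    """Map each DLL path (lower-cased, Windows paths are case-insensitive)
    to the set of hook kinds that load it."""
    hooks = defaultdict(set)
    for line in log_text.splitlines():
        for kind, pattern in HOOK_PATTERNS.items():
            match = pattern.match(line.strip())
            if match:
                hooks[match.group("path").strip().lower()].add(kind)
    return dict(hooks)


def multi_hook_dlls(log_text):
    """DLLs loaded both as an IE add-on and as a Winlogon notify package."""
    return sorted(p for p, kinds in parse_hooks(log_text).items() if len(kinds) > 1)


def remaining_after_fix(log_text, fixed_kinds):
    """Hooks still registered for DLLs that were only partially unhooked."""
    leftovers = {}
    for path, kinds in parse_hooks(log_text).items():
        left = kinds - set(fixed_kinds)
        if left and left != kinds:
            leftovers[path] = sorted(left)
    return leftovers


if __name__ == "__main__":
    print("multiple hooks:", multi_hook_dlls(SAMPLE_LOG))
    print("left after removing only the IE hook:",
          remaining_after_fix(SAMPLE_LOG, ["BHO"]))
```

On Windows XP the O20 lines correspond to subkeys of `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify`, so a DLL listed there is loaded by winlogon at boot whether or not the IE add-on entry still exists.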