Two suspicious startups

User avatar
agibsonsw
SilverLounger
Posts: 2403
Joined: 05 Feb 2010, 22:21
Location: London ENGLAND

Two suspicious startups

Post by agibsonsw »

Hello.

I have these two start-up items and am a bit suspicious of them. I tried to disable them from CCleaner but they came back.

Rwuye rundll32.exe "C:\Users\Andrew\AppData\Local\KBDU102.dll",Startup
Kxuxole rundll32.exe "C:\Users\Andrew\AppData\Local\iwuzeqijiwawanub.dll",Startup


I didn't discover any info from a Google search.

I installed a couple of apps recently: PowerGUI and 'RJ TextEdit'(?), but don't know if they are related to these files.

Anyone come across these please? Andy.
"I'm here to save your life. But if I'm going to do that, I'll need total uninanonynymity." Me Myself & Irene.

User avatar
Roderunner
5StarLounger
Posts: 1021
Joined: 23 Jan 2011, 01:52
Location: Witness Protection Program.

Re: Two suspicious startups

Post by Roderunner »

Hi Andy,
If you can locate the files, send them to http://www.virustotal.com/" onclick="window.open(this.href);return false; for analysis.
Windows 11 Home 22H2

Regards,
George.

User avatar
agibsonsw
SilverLounger
Posts: 2403
Joined: 05 Feb 2010, 22:21
Location: London ENGLAND

Re: Two suspicious startups

Post by agibsonsw »

Roderunner wrote:Hi Andy,
If you can locate the files, send them to http://www.virustotal.com/" onclick="window.open(this.href);return false; for analysis.
Thank you.

I updated and ran Malwarebytes Anti-Malware and it discovered these and fixed/quarantined them. I'll keep an eye on the start-ups to
see if they re-appear. (Microsoft Security Essentials didn't pick up on these..)

I'll run a full scan later/ over-night. Malwarebytes is a good app but a full scan takes hours!!

Cheers, Andy.
"I'm here to save your life. But if I'm going to do that, I'll need total uninanonynymity." Me Myself & Irene.

User avatar
Roderunner
5StarLounger
Posts: 1021
Joined: 23 Jan 2011, 01:52
Location: Witness Protection Program.

Re: Two suspicious startups

Post by Roderunner »

The quickest & best scanner is in my opinion http://www.superantispyware.com/portablescanner.html" onclick="window.open(this.href);return false; Download from a clean pc and do a full scan in 'Safe Mode'
Windows 11 Home 22H2

Regards,
George.

User avatar
agibsonsw
SilverLounger
Posts: 2403
Joined: 05 Feb 2010, 22:21
Location: London ENGLAND

Re: Two suspicious startups

Post by agibsonsw »

Roderunner wrote:The quickest & best scanner is in my opinion http://www.superantispyware.com/portablescanner.html" onclick="window.open(this.href);return false; Download from a clean pc and do a full scan in 'Safe Mode'
Hi and thank you.

Might give this a go - not sure about a "clean" computer though :grin:
"I'm here to save your life. But if I'm going to do that, I'll need total uninanonynymity." Me Myself & Irene.

User avatar
Roderunner
5StarLounger
Posts: 1021
Joined: 23 Jan 2011, 01:52
Location: Witness Protection Program.

Re: Two suspicious startups

Post by Roderunner »

If deemed necessary, it can be dl'd in safe mode with networking.
Windows 11 Home 22H2

Regards,
George.

User avatar
ChrisGreaves
PlutoniumLounger
Posts: 15498
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: Two suspicious startups

Post by ChrisGreaves »

agibsonsw wrote:I updated and ran Malwarebytes Anti-Malware and it discovered these and fixed/quarantined them.
Andy, thanks for this.
I thought I had this product installed, but found I had not.
I installed the latest, d/l the updates and it found 2 infections. :clapping: :clapping:
An expensive day out: Wallet and Grimace