• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

NxCooking.dll / eledujodivo.dll = What is it? Adware?

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Spyware // Adware // Trojans Discussion

View previous topic :: View next topic  
Author Message
xad
Just Arrived
Just Arrived


Joined: 26 Jan 2010
Posts: 0


Offline

PostPosted: Tue Jan 26, 2010 1:51 am    Post subject: NxCooking.dll / eledujodivo.dll = What is it? Adware? Reply with quote

What is NxCooking.dll? I googled it and it states that it has something to do with Nvidia HOWEVER, i never saw it appear before.

And the thing is, on my system it's not named NxCooking.dll, it's named eledujodivo.dll - the only way i found out the real name was going into safe mode otherwise i coudn't access the properties information.

I tried unchecking it via msconfig and deleting it via regedit but it still remains, although i think i can delete it now if i wish using unlocker software, but my question is, is this part of the system or is this a dangerous file that's pretending to be something it's not?

I ran it via Nod32 & Malware bytes and nothing.

In regedit this is how it appears:
Kkiwukoz ---- rundll32.exe "C:\WINDOWS2\eledujodivo.dll",Startup

Notice the strange name.

Should i try removing it? Is it part of Nvidia software? I'm pretty sure it wasn't there before. WTF is it named eledujodivo.dll instead of NXcooking.dll?

HELP! Crying or Very sad

Back to top
View user's profile Send private message
xad
Just Arrived
Just Arrived


Joined: 26 Jan 2010
Posts: 0


Offline

PostPosted: Wed Jan 27, 2010 8:22 pm    Post subject: Reply with quote

Wow, looks like it WAS a virus. I unlocked the file using a software called unlocked and then when i deleted it my anti virus (nod32) gave out an alert stating the file was a virus. Not sure why it didn't alert me before.

The virus was stated as being: Win32/Cimag.BO trojan

and showed as being called Dc4.dll even though the file was renamed to something else as can be seen from my previous post.


What does this mean? Does this means somebody was stealing my info/passwords all this time?

Also, i've noticed that rundll32.exe keeps running whenever i start my PC, i know that this is used to run DLL files, but is it normal to have it start up automatically every time you start your PC? With the DLL trojan i've found i'm kind of nervous. Also, if i end rundll32.exe my system works fine and doesn't become unstable. Does everyone else have this startup automatically as well?

BTW, i'm using Windows XP sp3.

EDIT: Just realised rundll32.exe runs in order to load up a lot of nvidea DLL's, but is it normal for it to run non stop?
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Spyware // Adware // Trojans Discussion All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register