anyone know what these files are? ijenomozolo.dll and newM20.dll?

Viruses and worms
1

I recently noticed them on msconfig startup but I don’t know what they are for and how they got in my system. I located them in the registry as well as the files themselves. I renamed the files for now and I think that prevented them from starting up. But before I nuke them and edit the registry, any idea what they are for?

The internet has no info on these

2

Could you please do a scan with Malwarebytes Antimalware and post the log here?

Manual how to do: http://www.omidfarhang.com/computer/programs/malwarebytes-antimalware/usage

3

upload suspicious file(s) to www.virustotal.com and test with 43 malware scanners
when you have the result, copy the url in the address bar and post it here for us to see

alternative
VirSCAN http://virscan.org/
Jotti http://virusscan.jotti.org/

4

Hi Omid,

your suggestion came back with one of them as a trojan. Note I just changed the .dll to .dilla for now but at least it still checked all the files

Folders Infected:
c:\program files\relevantknowledge (Spyware.MarketScore) → No action taken.
c:\program files\relevantknowledge\components (Spyware.MarketScore) → No action taken.

Files Infected:
c:\documents and settings\admin\local settings\temp\v9dd5ips.exe (Trojan.Hiloti) → No action taken.
c:\WINDOWS\newm20.dilla (Trojan.Hiloti) → No action taken.
c:\documents and settings\admin\local settings\Temp\0.6343254182863006.exe (Trojan.Dropper) → No action taken.

5

Hi Pondus, I uploaded the ijenomozolo.dll file and this is what it came out with - so I guess they are both malicious files.

Antivirus Version Last Update Result
AhnLab-V3 2011.04.22.00 2011.04.21 -
AntiVir 7.11.6.230 2011.04.21 -
Antiy-AVL 2.0.3.7 2011.04.21 -
Avast 4.8.1351.0 2011.04.21 -
Avast5 5.0.677.0 2011.04.21 -
AVG 10.0.0.1190 2011.04.21 -
BitDefender 7.2 2011.04.22 Gen:Variant.Kazy.3281
CAT-QuickHeal 11.00 2011.04.21 -
ClamAV 0.97.0.0 2011.04.21 -
Commtouch 5.3.2.6 2011.04.21 W32/Hiloti.J.gen!Eldorado
Comodo 8429 2011.04.22 TrojWare.Win32.Trojan.XPack.~gen1
DrWeb 5.0.2.03300 2011.04.22 -
eSafe 7.0.17.0 2011.04.20 -
eTrust-Vet 36.1.8284 2011.04.21 -
F-Prot 4.6.2.117 2011.04.21 W32/Hiloti.J.gen!Eldorado
F-Secure 9.0.16440.0 2011.04.22 Gen:Variant.Kazy.3281
Fortinet 4.2.257.0 2011.04.22 -
GData 22 2011.04.22 Gen:Variant.Kazy.3281
Ikarus T3.1.1.103.0 2011.04.21 -
Jiangmin 13.0.900 2011.04.21 -
K7AntiVirus 9.97.4451 2011.04.21 Riskware
Kaspersky 7.0.0.125 2011.04.22 -
McAfee 5.400.0.1158 2011.04.22 -
McAfee-GW-Edition 2010.1D 2011.04.21 -
Microsoft 1.6802 2011.04.21 -
NOD32 6062 2011.04.22 -
Norman 6.07.07 2011.04.21 -
Panda 10.0.3.5 2011.04.21 -
PCTools 7.0.3.5 2011.04.21 -
Prevx 3.0 2011.04.22 -
Rising 23.54.03.06 2011.04.21 -
Sophos 4.64.0 2011.04.21 Troj/Hiloti-BW
SUPERAntiSpyware 4.40.0.1006 2011.04.22 -
Symantec 20101.3.2.89 2011.04.22 Trojan.Zefarch!gen4
TheHacker 6.7.0.1.180 2011.04.21 -
TrendMicro 9.200.0.1012 2011.04.21 -
TrendMicro-HouseCall 9.200.0.1012 2011.04.22 -
VBA32 3.12.16.0 2011.04.21 -
VIPRE 9081 2011.04.22 Trojan.Win32.Cimag.gk (v)
ViRobot 2011.4.21.4422 2011.04.21 -
VirusBuster 13.6.315.0 2011.04.21 -
Additional information
MD5 : 503768fc50580313f4d6157eb6d5fe56
SHA1 : 234d504b8c0628f63a381b0420a5fb4b9d886f4e
SHA256: 7d2154e643f7702166b3202afc3fc893692b52066df184e9849aa052df848068

6

Then let the Malwarebytes Antimalware to remove infections.

Before that, compress both files (plus others detected by Malwarebytes) and password protect them ‘infected’ and send it to virus [at] avast [dot] com