Avast is detecting yaxyxu.dll in system32 as malware-gen. It is detecting and moving this approx every 1.5 seconds, so it’s bogging down the computer. Avast says the process is lsass.exe sometimes and csrss.exe at other times. I usually run spybot but have removed it after reading recommendations here today. I have installed superantispyware and malwarebytes. Superantispyware finds no problem at all, and malwarebytes will not launch! That’s right, I have even installed it again, and mwb just flat won’t launch on my pc. The mwb help opens fine. (I have run ccleaner also.) Since mwb won’t run, should I go ahead and run hijackthis? Or is there something known to cause this?
This is normally a very clean PC. It was idle for about 10 minutes when avast woke me up. In lieu of the other options, should I stop avast and let this thing launch to see what it does, then go and clean it? I’d obviously prefer not to do that and am surprised I can find no mention of this particular dll anyplace. Is this a brand new rogue thing?
The file name yaxyxu.dll is a randomly generated name, so it isn’t unusual not to find any information on it.
So if, after being moved, yaxyxu.dll is back again (presumably with the same or a similar randomly generated name) in the system32 folder, something else is on your system, either hidden (probably by a rootkit) or undetected.
The fact that MBAM won’t run would appear to indicate that there is something else also targeting security software. You could try using MBAM from safe mode and see if that allows it to run. Or you could try renaming the mbam.exe file to my_mbam_file.exe (you can always change it back later) and see if this other malware is targeting just the executable file name.
When is this detected?
Can you post the full detection text or attach a screenshot of the alert window?
avast boot time scan found a malware-gen problem in a file named i.dat buried in a Content.IE5 folder. This was after I had run ccleaner – and I don’t even use IE - So no idea how that got there – but that didn’t clear my problem. After reboot avast was still seeing the same problem and moving it to the chest constantly.
I then renamed mbam.exe to something else, and it started – so yes, this thing was preventing mbam from starting. mbam found a set of 3 Vundo problems. After removing them, they reappeared and were detected by a subsequent mbam scan. Rinse - Repeat. Finally, after the fourth run with mbam and a reboot, avast no longer finds this strange dll … and a new mbam scan comes up clean!!
I have renamed mbam to its normal file name and it starts with no problem - so all appears to be well.