macdunn Posted June 3, 2014

I have been using Windows 7 Ultimate since, well, probably since it went Gold. Essentially no problems. Today, I made a regularly scheduled backup of the hard drive using Acronis TrueImage. No problems, as usual. However, when I restarted the computer, a 'RegSvr32' dialog box is displayed (now every time I restart) --

The module "C:\ProgramData\AyovYewzo.dat" failed to load. Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent .DLL files. The specified module is not found.

I checked the C:\ProgramData\ sub-directory and there is a copy of AyovYewzo.dat and OtagOdha.dat, neither of which means anything to me. I added a .bak extension to both and the OtagOdha.dat file recreated itself (without the .bak extension). I can find no information when doing a Google search. They are both 'called' in the Registry (I did a search using RegEdit) in Windows - Current Version - Run --

regsvr32.exe "C:\ProgramData\AyovYewzo.dat"
regsvr32.exe "C:\ProgramData\OtagOdha.dat"

I have no idea what either one does and if they are necessary.

TIA,
-Mac-

Guest LilBambi Posted June 3, 2014

I would go for the following (in this order):

RKill (in the form of rkill.scr, or one of the other non exe/com versions) - kills malicious processes and fixes exe shell registry settings etc.
JRT (Junk Removal Tool)
AdwCleaner
Then finish off with the new Malwarebytes Antimalware v2.x

If you were able to get these things to run, please post back here in the topic the logs from the above scans. Sounds like you got hit by some piece of malware.

macdunn (Author) Posted June 3, 2014

Hi Bambi,

Yup, a Trojan --

Trojan horse PSW.Generic12.ANNU, C:\Documents and Settings\All Users\OtagOdha.dat";"Secured"

AVG finds it and says that [AVG] it has shredded it, but it keeps coming back. I am going to other solutions, including yours if others fail. Don't know how I got it. I am very cautious about the sites I visit. Etc. But, that is the world we live in.

Thanks!

Guest LilBambi Posted June 4, 2014

I hear ya. RKill kills running malware processes so they can't prevent you from deleting it with other tools. The tools I posted are great. Also ESET Online Scanner would be a great 2nd opinion.

macdunn (Author) Posted June 4, 2014 (edited)

Turned out that AVG did successfully 'shred' the trojan. I did one cold-reboot and got the same error dialog, this time naming OtagOdha.dat as the file which was not loaded, even though it was present. I ran AVG again, to be safe, and it did not find any trojan, virus or other offensive stuff. I am also going to run Spybot today (next day now) to be sure since it has in the past turned up small stuff as well. This is the first thing which has infected one of my multiple Windows (XP and/or 7) machines in maybe as much as ten years.

I did also, after running AVG a second time, delete the volumes on the HDD which I had used as my backup media and then made a new mirror copy. Remember, this is where I was, with a reboot after the mirror op, when the reboot displayed the error dialog about the problem loading the trojan data file. Obviously, I have no wish to have a backup mirror with the trojan installed.

Again, thanks LilBambi for confirming my suspicions that I had an infected machine.

-Mac-

Edited June 4, 2014 by macdunn

Guest LilBambi Posted June 4, 2014

I would still run ESET Online Scanner above at the very least and Malwarebytes Anti-malware noted above. And I would still use RKill just to be sure nothing is hiding its existence from your scans.
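
A read-only check for the kind of autostart entry described in the first post (a Run value that has regsvr32.exe load a .dat file from C:\ProgramData). This is an added example, not something posted by either participant; the list of keys and the flagging rules (extension other than .dll/.ocx, module directly in ProgramData, file missing) are assumptions chosen to match that description.

```powershell
# Added example (read-only): find Run/RunOnce values that start regsvr32
# and flag targets like the .dat files in C:\ProgramData described above.
# The key list and the flagging rules are assumptions, not a complete audit.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-Regsvr32Target {
    param([string]$CommandLine)
    # Capture everything after the regsvr32 executable name
    if ($CommandLine -match '(?i)regsvr32(?:\.exe)?"?\s+(.+)$') {
        $rest = $Matches[1]
        # Remove regsvr32 switches (/s, /u, /n, /i[:cmdline]) so only the module path remains
        $rest = $rest -replace '(?i)(^|\s)[/-][suni](:\S*)?(?=\s|$)', ' '
        return $rest.Trim().Trim('"')
    }
    return $null
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $target = Get-Regsvr32Target ([string]$item.GetValue($name))
        if (-not $target) { continue }

        $reasons = @()
        $ext = [IO.Path]::GetExtension($target)
        if (@('.dll', '.ocx') -notcontains $ext) { $reasons += "extension '$ext' is not .dll/.ocx" }
        if ([IO.Path]::GetDirectoryName($target) -eq $env:ProgramData) { $reasons += 'module sits directly in ProgramData' }
        if (-not (Test-Path -LiteralPath $target)) { $reasons += 'file missing (entry left behind)' }

        # One object per regsvr32 autostart entry; Flags is empty when no rule fired
        New-Object PSObject -Property @{
            Key = $key; Value = $name; Module = $target; Flags = ($reasons -join '; ')
        } | Select-Object Key, Value, Module, Flags
    }
}
```

The script only reads the registry and the file system; an entry flagged as "file missing" corresponds to the situation in the thread where the scanner removed the file but the Run value still points at it.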