Can't remove this one Malware. nnnomkk.dll

Discussion in 'Malware Help (A Specialist Will Reply)' started by jgray152, Feb 23, 2007.

  1. jgray152

    jgray152 Private E-2

    I have been working on my mothers computer for about 2 weeks now removing over 100 files/programs related to spyware/viruses/adware/malware.

    This one .dll file I can not get rid of. Its called nnnomkk.dll. When I search for this file on the internet I get one or 2 results pointing to some forum with someone that has this file as well. Its a translated page from french so its hard to read.

    I had ssttr.dll which is related to vundo and I was able to get rid of that after a few attempts. Since ssttr.dll was loaded in windows logon and windows explore, I could not simply delete the file or registry entries.

    Same exact issue is happening with nnnomkk.dll. This file loads in windows explorer and windows logon. I disabled it in IE7 but that is as far as I can go.

    Posting a hijackthis log will only tell you that nnnomkk.dll is being loaded and everything else is clean. So that may not help you guys at out. I can post it anyways if you would like, maybe I have missed something. I run HJT under safe mode renamed.

    Here is what I have run on this computer.

    Process Removers:
    Bitdeffender v10
    Spybot S&D
    XoftSpy SE
    Windows Defender
    Adaware 1.06
    VundoFix
    SDFix

    Process Tracking
    Process Explorer
    Auto RunS
    Servi Win

    I can't find any information so far. I tried searching this forum and came up with nothing.

    Is there a way I can load windows and say yes or no to files being loaded?

    Thanks
    Justin
     
    jgray152, Feb 23, 2007
    #1
  2. jgray152

    jgray152 Private E-2

    I have also ran RegCure just to see if that would get rid of some registry entries. That damn program found over 1700 problems! Not saying any of it was malware related but... damn.
     
    jgray152, Feb 23, 2007
    #2
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Continue by downloading a tool we will need - Pocket KillBox

    Now run Pocket Killbox by doubleclicking on killbox.exe
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:

    * Delete on Reboot
    * then Click on the All Files button.*(or on the folders option)*
    * Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    (put in the path to the .dll - ie C:\Windows\system32\xxxxxxxx

    * Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    * Click the red-and-white Delete File button. Click the box for unregister .dll's. Click Yes at the Delete on Reboot prompt.

    If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).

    If Killbox does not reboot just reboot your PC yourself.

    I would suggest you attach logs for:
    ShowNew
    GetRun
    HJT

    All from the Read and Run First instructions.
     
    TimW, Feb 24, 2007
    #3
  4. jgray152

    jgray152 Private E-2

    Ok I will try that out. I appriciate the help. Since I have been working on the computer its been a lot faster. :)

    I ran Auto RunS again and I searched for nnnomkk.dll and I found it. I must have missed it before or somthing I don't know how I did. So I disabled nnnomkk.dll from winlogon and explorer. The only 2 areas where it gets loaded into.

    After rebooting the computer it run horribly slow. I then had to go to work so I couldn't look at it further. Since then my mother used it and I see the file made a new listing in Auto RunS so its no disabled any more and the computer runs better.

    Really weird.

    I will do what you listed and see if that turns up any results.

    Thanks for the help.
    Justin
     
    jgray152, Feb 24, 2007
    #4
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Would suggest that you run thru the entire Read and Run First thread. Then post the logs.
     
    TimW, Feb 24, 2007
    #5
  6. jgray152

    jgray152 Private E-2

    well I get the "PendingFileRenameOperations" and now the nnnomkk.dll file only loads in winlogon and not explorer. I don't know if killbox had anything to do with it. The file was not deleted.

    I will finish reading through what you said to read.

    BTW, I tried replying to someones thread about the svchost problem and it said I didn't have persmission? Yet it tells me I "may make new posts and threads". What is up with this?

    I wanted to let the guy know that there is a program called "Taskbar Repair" that can fix his task bar problem.
     
    jgray152, Feb 25, 2007
    #6
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    There are only the malware workers that can reply in this section ....you could PM the person if you think it will help, but it is best to leave it to who ever is running that thread as they are aware of what problems may exist.

    Please do the read and run instructions so that I may see where the problem lies and we can do a thorough cleaning.
     
    TimW, Feb 25, 2007
    #7

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds