Bugger.

Kapitan_Phillips · 04-20-09, 05:15 AM

Hey guys, I would appreciate some input here.

Recently I've started to get a popup error on Vista whenever I try to launch *anything*, Paint, Firefox, MSN, even the On Screen Keyboard.

The error references a "yipavibo.dll" in System32, but on inspection of this folder, I found no trace of this .dll file; so I dont know if it was accidentally deleted or moved without my knowledge.

I've tried a Google search, and there's absolutely nothing about it anywhere. I have thought of re-installing Vista, but this laptop was from PC World, and they hate giving out OS disks when you buy one of their computer systems.

Would placing someone elses yipavibo.dll in the system folder solve this?

HunterICX · 04-20-09, 06:17 AM

yipavibo.dll?

that doesnt sound like a legit/true dll file to me.

(if it where and it was a vista problem google would have gotten answers I found 1 result in google reffering to the malware Virtumonde)
I know some trojan/virus create Dll's with the most silly names.
in example the Virtumonde virus does that.

you notice any System slow downs or pop ups?

you might want to try to run a scan if possible. (what kind of AV are you running?)

HunterICX

CaptainHaplo · 04-20-09, 06:19 AM

A quick search showed only a bit - looked to indicate that the file is part of a ugly - Vundo to be exact. Its a trojan, and the reason you can't find much on the dll is because it drops a random named one in the system folder. Yours just happen to be one that has been noted before.

I would suggest a good antispyware/virus package, updated and run first off. Then a reg cleaner to remove orphaned entries. If you still have issues, then yes reinstall the OS, but make sure you format the drive first (don't do a "repair").

Good luck.

HunterICX · 04-20-09, 06:21 AM

Yeah, pretty sure its Vundo

I had that myself on the PC at work.
a nasty bugger to remove but not impossible.

http://en.wikipedia.org/wiki/Virtumonde

HunterICX

AVGWarhawk · 04-20-09, 08:13 AM

Run Windows Defender and see if it catches it.

NeonSamurai · 04-20-09, 12:18 PM

As a guess I would say some virus scanner or malware scanner found and deleted the dll file, but left behind everything else particularly the registry entries.

You may have to finish the job by hand (or use a good scanner that will clear everything else, like spybot search&destroy).

Kapitan_Phillips · 04-20-09, 01:14 PM

Okay guys thanks, I have Avast having a butchers around the place, AdAware, CCleaner, Spybot and Auslogics will be in line.

If it isnt a legitamate registry entry, how come every single program I open comes up with the error?

NeonSamurai · 04-20-09, 03:03 PM

It could be that the malware is tied into those programs somehow, or that it checks to see if its running when ever a new application is started.

No matter what though that isn't a normal .dll, and definitely not something they would all need to run, normally anyhow.

HunterICX · 04-20-09, 03:08 PM

Quote:

Originally Posted by NeonSamurai

As a guess I would say some virus scanner or malware scanner found and deleted the dll file, but left behind everything else particularly the registry entries.

You may have to finish the job by hand (or use a good scanner that will clear everything else, like spybot search&destroy).

Vundo even infests itself into msconfig, that will re-animate the Malware when you reboot the system and are connected to the internet.

I ran a fix called ComboFix which removed the virus from the windows key files

also use a Autorun Manager to disable&Remove these DLL's (they are easy to spot as the names are complete giggly goo)

and work OFFLINE to make sure it doesn't come right back in.

when I had this at work (Win XP)
I used the following

Spybot S&D - Detection and removal of minor files it could detect
AVG8.0 Free - Same as above

Combofix - remove the vundo from the windows key files
Autorun Manager - to disable the malware DLL files and remove them (also to check if your system is clean again)

and work offline ofcourse

you might want to double check everything so scan your PC multiple times to make sure you got rid of it.

HunterICX

Task Force · 04-20-09, 03:10 PM

I had a .dll file that had a issue when starting up a while ago... Then it stoped...

Havent knoticed any popups, or slowness.

Kapitan_Phillips · 04-20-09, 04:07 PM

Its fixed! Thanks all for the suggestions!

04-20-09, 05:15 AM	#1
Kapitan_Phillips Silent Hunter Join Date: Jul 2005 Location: Swansea Posts: 3,902 Downloads: 203 Uploads: 0	Bugger. Hey guys, I would appreciate some input here. Recently I've started to get a popup error on Vista whenever I try to launch anything, Paint, Firefox, MSN, even the On Screen Keyboard. The error references a "yipavibo.dll" in System32, but on inspection of this folder, I found no trace of this .dll file; so I dont know if it was accidentally deleted or moved without my knowledge. I've tried a Google search, and there's absolutely nothing about it anywhere. I have thought of re-installing Vista, but this laptop was from PC World, and they hate giving out OS disks when you buy one of their computer systems. Would placing someone elses yipavibo.dll in the system folder solve this? __________________ Well, here's another nice mess you've gotten me into.

04-20-09, 06:17 AM	#2
HunterICX Rear Admiral Join Date: May 2006 Location: Malaga, España Posts: 10,750 Downloads: 8 Uploads: 0	yipavibo.dll? that doesnt sound like a legit/true dll file to me. (if it where and it was a vista problem google would have gotten answers I found 1 result in google reffering to the malware Virtumonde) I know some trojan/virus create Dll's with the most silly names. in example the Virtumonde virus does that. you notice any System slow downs or pop ups? you might want to try to run a scan if possible. (what kind of AV are you running?) HunterICX __________________

04-20-09, 06:19 AM	#3
CaptainHaplo Silent Hunter Join Date: Apr 2007 Posts: 4,404 Downloads: 29 Uploads: 0	A quick search showed only a bit - looked to indicate that the file is part of a ugly - Vundo to be exact. Its a trojan, and the reason you can't find much on the dll is because it drops a random named one in the system folder. Yours just happen to be one that has been noted before. I would suggest a good antispyware/virus package, updated and run first off. Then a reg cleaner to remove orphaned entries. If you still have issues, then yes reinstall the OS, but make sure you format the drive first (don't do a "repair"). Good luck. __________________ Good Hunting! Captain Haplo

04-20-09, 06:21 AM	#4
HunterICX Rear Admiral Join Date: May 2006 Location: Malaga, España Posts: 10,750 Downloads: 8 Uploads: 0	Yeah, pretty sure its Vundo I had that myself on the PC at work. a nasty bugger to remove but not impossible. http://en.wikipedia.org/wiki/Virtumonde HunterICX __________________

04-20-09, 08:13 AM	#5
AVGWarhawk Lucky Jack Join Date: Jun 2005 Location: In a 1954 Buick. Posts: 27,343 Downloads: 90 Uploads: 0	Run Windows Defender and see if it catches it. __________________ “You're painfully alive in a drugged and dying culture.” ― Richard Yates, Revolutionary Road

04-20-09, 12:18 PM	#6
NeonSamurai Ocean Warrior Join Date: Jan 2002 Location: Socialist Republic of Kanadia Posts: 3,044 Downloads: 17 Uploads: 0	As a guess I would say some virus scanner or malware scanner found and deleted the dll file, but left behind everything else particularly the registry entries. You may have to finish the job by hand (or use a good scanner that will clear everything else, like spybot search&destroy). __________________ SH3 Newbie Guide Links and other helpfull stuff

04-20-09, 01:14 PM	#7
Kapitan_Phillips Silent Hunter Join Date: Jul 2005 Location: Swansea Posts: 3,902 Downloads: 203 Uploads: 0	Okay guys thanks, I have Avast having a butchers around the place, AdAware, CCleaner, Spybot and Auslogics will be in line. If it isnt a legitamate registry entry, how come every single program I open comes up with the error? __________________ Well, here's another nice mess you've gotten me into.

04-20-09, 03:03 PM	#8
NeonSamurai Ocean Warrior Join Date: Jan 2002 Location: Socialist Republic of Kanadia Posts: 3,044 Downloads: 17 Uploads: 0	It could be that the malware is tied into those programs somehow, or that it checks to see if its running when ever a new application is started. No matter what though that isn't a normal .dll, and definitely not something they would all need to run, normally anyhow. __________________ SH3 Newbie Guide Links and other helpfull stuff

04-20-09, 03:10 PM	#10
Task Force Rear Admiral Join Date: Jul 2008 Location: SPACE!!!! Posts: 10,142 Downloads: 85 Uploads: 0	I had a .dll file that had a issue when starting up a while ago... Then it stoped... Havent knoticed any popups, or slowness. __________________ Task Force industries "Taking control of the world, one mind at a time"

04-20-09, 04:07 PM	#11
Kapitan_Phillips Silent Hunter Join Date: Jul 2005 Location: Swansea Posts: 3,902 Downloads: 203 Uploads: 0	Its fixed! Thanks all for the suggestions! __________________ Well, here's another nice mess you've gotten me into.