Sounds like you have been infected with spyware/adware/malware of some sort.
I suggest downloading/utilizing MalwareBytes and SuperAntiSpyware as a 'good
start'. Come back and post what you find/get rid of.
--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
The file is not totally unique.
http://forum.piriform.com/index.php?showtopic=19042&mode=linearplus
--
Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Yes, the files indicated in red match the error box I am receiving.
I'm about to try scanning with MalwareBytes and SuperAntiSpyware and
hope I have better luck.
Thank you for the advice. I will advise.
Jo
Is there anyway to go directly to C:\WINNT\System32\yirozoyi.dll and
simply manually delete the line?
JoLev
> I did slow scan with both MalwareBytes and SuperAntiSpyware. Both
> scans found malware that SpySweeper apparently missed - but the
> "...Bad Image" box with the message "The application DLL
> C:\WINNT\System32\yirozoyi.dll is not a valid windows image. Please
> check this against your installtion disk" still pops up. I also
> notice during booting - the "CREATE CD50 - Bad Image" box (same
> message) and then the SYN TPL - Bad Image box (same message) now
> causes the Roxio CD Creator application to launch, followed by
> additional "Bad Message" boxes until booting is complete, each "Bad
> Message" carrying the title of the respective item booting up.
>
> Is there anyway to go directly to C:\WINNT\System32\yirozoyi.dll and
> simply manually delete the line?
"The only way to clean a compromised system is to flatten and rebuild.
That’s right. If you have a system that has been completely compromised,
the only thing you can do is to flatten the system (reformat the system
disk) and rebuild it from scratch (re-install Windows and your
applications)..."
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
Click Start, Run, type REGEDIT, click OK. Press the Home key, press F3,
type the name of the file into the search pane. Click "Find Next", and
when located, delete the reference to the file. Press F3 to continue
the search.
You can click File, Export, and save the entry to the Desktop. If you
remove it and there's a problem, double-click the .reg file you exported
to the Desktop and it'll be added to the registry again. You can create
a restore point before editing the registry too.
You could possibly click Start, Run, type MSCONFIG, click OK, click the
StartUp tab, and deselect the item(s). When you restart the computer,
you will be warned that you're running in the Diagnostic mode; click to
not alert you again, and OK out. You won't see the message again. But
I think it's best to just remove the references from the registry.
--
Joe =o)
Shenan - Thank you for recommending MalwareBytes and SuperAntiSpyware.
Using these in addition to my paid version of SpySweeper has resulted
in a noticeably less sluggish operation of this old laptop.
You guys are great!
JoLev
On Sun, 30 Nov 2008 11:07:13 -0500, Elmo <elmo...@iglou.invalid>
wrote:
Jo L wrote:
> Joe - Thank you! The REGEDIT solution did the trick...there were three
> seperate instances of the file and manually deleting each of them has
> prevented further occurrances of the annoying warming box appearing
> before any application launch.
>
> Shenan - Thank you for recommending MalwareBytes and SuperAntiSpyware.
> Using these in addition to my paid version of SpySweeper has resulted
> in a noticeably less sluggish operation of this old laptop.
>
> You guys are great!
Glad things are working better for you!
Thank *you* for coming back to let us know!