Browseui.dll changed? Help

Discussion in 'malware problems & news' started by tak300, Nov 28, 2006.

Thread Status:
Not open for further replies.
  1. tak300

    tak300 Registered Member (Joined: Oct 25, 2006; Posts: 10)

    Hi guys

    I'm going paranoid! Whenever I press a key in the Windows search dialog or try to type stuff in the Explorer address bar, SSM pops this msg:

    11-2wu2.jpg

    22-1mi6.jpg

    What the hell is going on here? I've already scanned the file with Nod32, with a2free, already scanned the drive with gmer112, and ran hijackthis and nothing... Is this normal? Because it's the first time it's ever happened to me...

    It's supposed to be a "windows" file, but SSM only reported that "action" today...

    Please help me, I'm going crazy :|

    PS: Dunno if this is the correct area to post, if not sorry :|
     
  2. herbalist

    herbalist Guest

    Start with making sure the file is legitimate. Upload it to VirusTotal and let them check it with multiple scanners. If it shows clean, Google the version numbers and try to find an MD5 signature for it. It is possible that Windows Update has replaced the file with a new one. Malware occasionally replaces the file with its own.
    Did this happen after running Windows Update or after you installed something?
    Rick
     
  3. tak300

    tak300 Registered Member (Joined: Oct 25, 2006; Posts: 10)

    It happened to me after I rebooted my machine.
    I had to reboot because drwatson32 (Windows debugger found in the system32 folder) or smt "froze" my computer; SSM kept asking about the suspend thread action until it "froze" (I was using my pen disk, then did that remove safely thingie and then drwatson came alive, and this has happened 2 times now :s )

    After that the "message" began to appear.
    Firstly I ran gmer112 and nod32 and found nothing. Then I allowed and checked the MD5 hash, which I compared to another computer I have here at home. The hashes were the same, but just to be sure I "copied" the file from the other computer. After that I rescanned my computer with gmer112 and nod32 in safe mode and again found nothing suspicious.

    What do you think may have caused this? I don't think it's malware but I would like to know (I'm paranoid :< ). Could it have been an SSM conflict that "erased" the rules of that file? What the hell could have caused this :|
     
    Last edited: Nov 29, 2006
  4. herbalist

    herbalist Guest

    If the MD5s were the same, the file is fine. As for what caused this, that's hard to narrow down. It's possible that SSM was preventing DrWatson or smt from doing something. What specifically was SSM prompting for with "suspend thread"?
    A conflict is always possible. It could also be an incomplete rule for one of the processes involved at the time, like DrWatson or smt. It doesn't seem likely that this would cause the loss of one rule though. Check to make sure there is no rule for browseUI, possibly with a different MD5. If none is present, let SSM make one. As for the "suspend thread" alert, if the request is for a legitimate system process, try allowing it once and see if it behaves normally. Some applications don't respond well to waiting for their actions to be allowed.
    Rick
     