UDConn.dll not found error

ok, I've been running Ad-aware every couple of weeks keeping my spyware in check, but this error (not sure if it's harmful at all) keeps on coming up. It's something like

UDConn.dll file not found

it comes up at bootup.

I know there was a previous thread on this, and I tried responding that I had the same problem, but I couldn't respond...

here a log after using the hijackthis program:

 

Hi efralope,

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.sixroads.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.search-explorer.net/search_page.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL

O4 - HKLM\..\Run: [misapellidosus-htm] RunDll32 UDConn.dll,RunAsIcon misapellidosus
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [cahwjyqmzm] C:\WINDOWS\SYSTEM\lsjureg.exe

O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm

O9 - Extra button: Erotic (HKLM)

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.ne...cab/pl4yb0y.cab

O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/diale...Recomendada.cab

O16 - DPF: {5C24626A-CC0D-49D6-8454-AAA5B97D4410} (UDConnect Class) - http://09.sharedsource.org/html/HGM..._1.0.0.2ie.cab?
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN.cab

O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com...39126/turbo.cab
O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com...26/payload2.cab

Then reboot into safe mode and delete:
C:\WINDOWS\BELT.exe
C:\WINDOWS\SYSTEM\lsjureg.exe

Can you tekll us what the Reffile number is for AdAware you are currently using?

Regards,

Pieter

 

thank you for your help, I'll go ahead and follow you instructions, I'm using Ad-aware 6.0 and the reference file 01R313 02.06.2004 loaded, but I update whenever I run Ad-Aware...

Unfortunately, I'm using Windows 98 and it's a pretty old computer, so it takes forever to run Ad-Aware...

I think I'm going to run it one more time before I do the deletions (since a new reference file says 15.06.2004 I think, so its newer.

Thanks for the help, I think that the reason I'm getting the error is because Ad-aware didn't catch this:

O4 - HKLM\..\Run: [misapellidosus-htm] RunDll32 UDConn.dll,RunAsIcon misapellidosus

I think my cousin downloaded this (probably without knowing) when going to some family roots/ family history/ family lineage site (maybe a Spanish language one?), and I think, so I ended up deleting the files associated with that by myself.

The reason I say this is because he got on those sites one time, and I know "mis apellidosus" translates roughly to "my last names" but could reference lineage as well...

Thanks for your help though, I'm getting an understanding of how this whole spyware thing works, and though I'll never mess with the system on my own out of fear of deleting something important, I'll take your advice on these...

 

ok, after running the new reference file from Ad-Aware, I got this log file from HijackThis:

 

It looks like you completely ignored all the things I listed.

Regards,

Pieter

 

no dude, sorry I was just keeping a step by step log of what happened...

anyway, after running Ad-Aware, I deleted those files you told me with Hijack This, then I restarted, and it ran Ad-Aware cause it couldn't get rid of some files the first time.

Then I rebooted in Safe Mode to delete the two .exe files you told me, and I could only find lsjureg.exe, the other file (BELT.exe) wasn't there, but there was a BELT.ini file, is that the one I should have deleted?

-thank you for you help

here is what HiJackThis scan looks like after I did all this:

 

thanks dude, everything seems to be working now...

 

Glad we could help.

Please read How did this happen and can I prevent it?

Regards,

Pieter

 

cool, just one question:

Then I rebooted in Safe Mode to delete the two .exe files you told me, and I could only find lsjureg.exe, the other file (BELT.exe) wasn't there, but there was a BELT.ini file, is that the one I should have deleted?

 

No need to remove it. A .ini file is harmless by itself but according to Symantec it does belong to the malware:
http://sarc.com/avcenter/venc/data/adware.binet.html
So it is safe either way.

Regards,

Pieter