UDConn.dll not found error

Discussion in 'adware, spyware & hijack cleaning' started by efralope, Jun 17, 2004.

Thread Status:
Not open for further replies.
  1. efralope

    efralope Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    11
    ok, I've been running Ad-aware every couple of weeks keeping my spyware in check, but this error (not sure if it's harmful at all) keeps on coming up. It's something like

    UDConn.dll file not found

    it comes up at bootup.

    I know there was a previous thread on this, and I tried responding that I had the same problem, but I couldn't respond...

    here a log after using the hijackthis program:

     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi efralope,

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.sixroads.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.search-explorer.net/search_page.php

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL

    O4 - HKLM\..\Run: [misapellidosus-htm] RunDll32 UDConn.dll,RunAsIcon misapellidosus
    O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
    O4 - HKLM\..\Run: [cahwjyqmzm] C:\WINDOWS\SYSTEM\lsjureg.exe

    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm

    O9 - Extra button: Erotic (HKLM)

    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.ne...cab/pl4yb0y.cab

    O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/diale...Recomendada.cab

    O16 - DPF: {5C24626A-CC0D-49D6-8454-AAA5B97D4410} (UDConnect Class) - http://09.sharedsource.org/html/HGM..._1.0.0.2ie.cab?
    O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN.cab

    O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com...39126/turbo.cab
    O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com...26/payload2.cab

    Then reboot into safe mode and delete:
    C:\WINDOWS\BELT.exe
    C:\WINDOWS\SYSTEM\lsjureg.exe

    Can you tekll us what the Reffile number is for AdAware you are currently using?

    Regards,

    Pieter
     
  3. efralope

    efralope Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    11
    thank you for your help, I'll go ahead and follow you instructions, I'm using Ad-aware 6.0 and the reference file 01R313 02.06.2004 loaded, but I update whenever I run Ad-Aware...

    Unfortunately, I'm using Windows 98 and it's a pretty old computer, so it takes forever to run Ad-Aware...

    I think I'm going to run it one more time before I do the deletions (since a new reference file says 15.06.2004 I think, so its newer.

    Thanks for the help, I think that the reason I'm getting the error is because Ad-aware didn't catch this:

    O4 - HKLM\..\Run: [misapellidosus-htm] RunDll32 UDConn.dll,RunAsIcon misapellidosus

    I think my cousin downloaded this (probably without knowing) when going to some family roots/ family history/ family lineage site (maybe a Spanish language one?), and I think, so I ended up deleting the files associated with that by myself.

    The reason I say this is because he got on those sites one time, and I know "mis apellidosus" translates roughly to "my last names" but could reference lineage as well...

    Thanks for your help though, I'm getting an understanding of how this whole spyware thing works, and though I'll never mess with the system on my own out of fear of deleting something important, I'll take your advice on these...
     
  4. efralope

    efralope Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    11
    ok, after running the new reference file from Ad-Aware, I got this log file from HijackThis:

     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    It looks like you completely ignored all the things I listed. o_O

    Regards,

    Pieter
     
  6. efralope

    efralope Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    11
    no dude, sorry I was just keeping a step by step log of what happened...

    anyway, after running Ad-Aware, I deleted those files you told me with Hijack This, then I restarted, and it ran Ad-Aware cause it couldn't get rid of some files the first time.

    Then I rebooted in Safe Mode to delete the two .exe files you told me, and I could only find lsjureg.exe, the other file (BELT.exe) wasn't there, but there was a BELT.ini file, is that the one I should have deleted?

    -thank you for you help

    here is what HiJackThis scan looks like after I did all this:

     
  7. efralope

    efralope Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    11
    thanks dude, everything seems to be working now...
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
  9. efralope

    efralope Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    11
    cool, just one question:

    Then I rebooted in Safe Mode to delete the two .exe files you told me, and I could only find lsjureg.exe, the other file (BELT.exe) wasn't there, but there was a BELT.ini file, is that the one I should have deleted?
     
  10. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
Thread Status:
Not open for further replies.