Windows 7: how to delete .dll instructions from start procedure
30 Oct 2010
#1
Hello,
My AV software (AVG) picked up two Trojan infections a few days ago:
- Agent2.BROG, path c:\Users\ds\AppData\Local\geatag.dll
- Downloader.Generic10.AGVT, path c:\Users\ds\AppData\Local\omojepuritu.dll
It put them in the virus vault and I don't think any harm was done, except that now when I restart the computer I get an error message for each one -
"There was a problem starting C:\Users\ds\AppData\Local\geatag.dll. The specified module could not be found."
I want to stop the computer from looking for these things but I can't find any info on it.
OS: Windows 7 Ultimate x 32
30 Oct 2010
#2 Windows 7 Home Premium x64 SP1, Bay Area Peninsula
It's entirely possible it was a false positive by AVG, and they are legit files needed by a program. That program must be starting at boot, and the dll files are obviously missing. Is it possible to restore the 2 files, even for testing purposes? I'd restore them, you know what the default location is. Then scan the 2 files with Virus Total.
This will scan with 43 AV scanners (including AVG). If only AVG finds a virus, you can safely assume they are safe, and add to your whitelist (ignore list for AVG). You can run a scan on any known good file at VT, and usually one AV will report it as infected, so FP are not uncommon, and it depends on your AV. AVG happens to hit on those files, but if it is the only one, I'd trust them.
A Guy
30 Oct 2010
#3 Windows 7 & Windows Vista Ultimate, Upstate NY
What I'm finding for those two dll's in search results is this thread here. It could also be that AVG didn't get all the bits.
kitykatz, I suggest an MBAM scan.
Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, be sure Quick scan is selected, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
- Click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Please post contents of that file in your next reply.
** Note **
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
30 Oct 2010
#4 Windows 7 Home Premium x64 SP1, Bay Area Peninsula
Corrine, a question, since I'm curious, and it's related to this thread. Will MalwareBytes, or any scanner, also scan the virus chest of any/all AV programs? I assumed the OP couldn't upload to VT from there, but since the chest is to keep the files isolated from the system, I'm curious if scanners can still scan an AV's virus chest or quarantine?
A Guy
30 Oct 2010
#5 Windows 7 & Windows Vista Ultimate, Upstate NY
Most do, just as bad files will be shown in System Restore. However, they cannot remove the infected files from the other product's vault. Either the vault needs to be manually emptied or restored in the event of a f/p. Detection of files in a product's vault by another vendor is often why folks panic, thinking they are still infected.
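The "There was a problem starting ... The specified module could not be found" dialog in post #1 is what RunDLL shows when a startup entry names a DLL that is no longer on disk. The following is an added example, not something posted in this thread: a read-only PowerShell audit that lists autorun values whose target file is missing. It assumes the leftover entries sit in the standard Run/RunOnce registry keys; the function names and the sample entry point are made up for illustration.

```powershell
# Added example: read-only audit of autorun values whose target file is gone.
# Assumption: the stale entries are in the standard Run/RunOnce keys below.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-AutorunTargets {
    param([string]$CommandLine)
    # Collect quoted drive-letter paths, and unquoted drive-letter paths without
    # spaces, that end in .dll or .exe. Unquoted paths containing spaces are skipped.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    $pattern  = '"([A-Za-z]:\\[^"]+\.(?:dll|exe))"|([A-Za-z]:\\[^\s",]+\.(?:dll|exe))'
    foreach ($m in [regex]::Matches($expanded, $pattern, 'IgnoreCase')) {
        if ($m.Groups[1].Success) { $m.Groups[1].Value } else { $m.Groups[2].Value }
    }
}

function Find-OrphanedAutoruns {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }      # key absent on this system
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            foreach ($target in (Get-AutorunTargets $cmd)) {
                # Report only values that reference a file that does not exist.
                if (-not (Test-Path -LiteralPath $target -PathType Leaf)) {
                    New-Object PSObject -Property @{
                        Key = $key; Name = $name; Command = $cmd; Missing = $target
                    }
                }
            }
        }
    }
}

# Constructed sample of the kind of value that would raise the error in post #1
# (the entry point name "Startup" is made up for illustration):
Get-AutorunTargets 'rundll32.exe "C:\Users\ds\AppData\Local\geatag.dll",Startup'

Find-OrphanedAutoruns | Format-List Key, Name, Command, Missing
```

The script only reports. Once a listed value is confirmed to belong to the quarantined files, it can be deleted with `Remove-ItemProperty -Path <Key> -Name <Name>` using the values from the output.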