Unknown startup entries

[BadBusta]

I wanted to see if anyone could tell me what the following two startup entries might be. I have searched google and neither come up with anything at all about them. I have tried to disable them in ccleaner startup and when I reboot it shows them enabled again. I found them in HiJackThis, but I don't want to delete them without a better understanding of what they might be.

I am running Windows 7 Professional

Here they are:

Yes HKCU:Run Kvopig rundll32.exe "C:\Users\Randy\AppData\Local\opid870.dll",Startup

Yes HKCU:Run Iquzepiguyorukem rundll32.exe "C:\Users\Randy\AppData\Local\inaxisetacoku.dll",Startup

Thank You
Randy Smith

 

[richc46]

HKCU may be a virus or malware.
Run your antivirus
Download and run malwarebytes.

Better to be safe than sorry.

http://www.computing.net/answers/security/spyware-doctor-found-hkcusoftware/19902.html

I am not a malware specialist. If I am wrong no harm. If right, get rid of these things.

 

[Harvey Meale]

Hi BadBusta,

I would remove these files as they aren't necessary system files, and I doubt they are critical components of any other applications. There's a chance that they're malicious.

• Go to Jotti.
• Click Upload.
• Copy and paste the exact file name in bold:
• C:\Users\Randy\AppData\Local\opid870.dll
• C:\Users\Randy\AppData\Local\inaxisetacoku.dll
• Click Submit.
• Copy and paste back the results once Jotti has finished scanning the file.

Do the above steps if you want to be sure.

Also, 'HKCU' only means they're located within the Current User hive in the System Registry - it, by no means, automatically means it's an infection.

Thanks,
Harvey Meale

 

[BadBusta]

Thank Yo for the quick response. Jotti is an excellent tool. I will be able to delete them from my system. They both showed multiple entries for trojans.

Thank You
Randy Smith

 

[Harvey Meale]

There you go. Glad I could help.