Computer Help Forums

How do I get rid of it?
Jo L
11-28-2008, 04:39 PM   #1


I'm running WindowsXP Pro. Since yesterday, when I boot up and select
any application including Explorer, I get a warning box. The title of
the box is always the respective application followed by "Bad Image."
The message is always "The application DLL
C:\WINNT\System32\yirozoyi.dll is not a valid windows image. Please check this
against your installation disk" I must close the box several times
and everything runs fine except that each time I try to open a new
application, the entire cycle repeats itself. I am running AVG Free
virus software and Spy Sweeper but scans for what I think might be
this virus do not detect anything. Got any ideas how I can locate
this "yirozoyi.dll" thing and get rid of it? Thanks, in advance, for
your help.


 
 
Shenan Stanley
Re: How do I get rid of it?
11-28-2008, 05:41 PM   #2

Jo L wrote:
> I'm running WindowsXP Pro. Since yesterday, when I boot up and
> select any application including Explorer, I get a warning box. The
> title of the box is always the respective application followed by
> "Bad Image." The message is always "The application DLL
> C:\WINNT\System32\yirozoyi.dll is not a valid windows image. Please check
> this against your installation disk" I must close the box several
> times and everything runs fine except that each time I try to open
> a new application, the entire cycle repeats itself. I am running
> AVG Free virus software and Spy Sweeper but scans for what I think
> might be this virus do not detect anything. Got any ideas how I
> can locate this "yirozoyi.dll" thing and get rid of it? Thanks, in
> advance, for your help.


Sounds like you have been infected with spyware/adware/malware of some sort.

I suggest downloading/utilizing MalwareBytes and SuperAntiSpyware as a 'good
start'. Come back and post what you find/get rid of.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html


 
 
Gerry
Re: How do I get rid of it?
11-28-2008, 06:48 PM   #3

Shenan

The file is not totally unique.
http://forum.piriform.com/index.php?...ode=linearplus


--



Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~



 
 
Jo L
Re: How do I get rid of it? - Yes those are the files
11-29-2008, 04:35 PM   #4

On Fri, 28 Nov 2008 23:48:24 -0000, "Gerry" <gerry@nospam.com> wrote:

Yes, the files indicated in red match the error box I am receiving.
I'm about to try scanning with MalwareBytes and SuperAntiSpyware and
hope I have better luck.

Thank you for the advice. I will advise.

Jo

 
 
Jo L
Re: How do I get rid of it? - Still Got It...
11-29-2008, 08:28 PM   #5

I did a slow scan with both MalwareBytes and SuperAntiSpyware. Both
scans found malware that SpySweeper apparently missed - but the
"...Bad Image" box with the message "The application DLL
C:\WINNT\System32\yirozoyi.dll is not a valid windows image. Please
check this against your installation disk" still pops up. I also
notice during booting - the "CREATE CD50 - Bad Image" box (same
message) and then the SYN TPL - Bad Image box (same message) now
causes the Roxio CD Creator application to launch, followed by
additional "Bad Message" boxes until booting is complete, each "Bad
Message" carrying the title of the respective item booting up.

Is there any way to go directly to C:\WINNT\System32\yirozoyi.dll and
simply manually delete the line?

JoLev





 
 
Kayman
Re: How do I get rid of it? - Still Got It...
11-30-2008, 03:30 AM   #6

On Sat, 29 Nov 2008 20:28:37 -0500, Jo L wrote:

> I did a slow scan with both MalwareBytes and SuperAntiSpyware. Both
> scans found malware that SpySweeper apparently missed - but the
> "...Bad Image" box with the message "The application DLL
> C:\WINNT\System32\yirozoyi.dll is not a valid windows image. Please
> check this against your installation disk" still pops up. I also
> notice during booting - the "CREATE CD50 - Bad Image" box (same
> message) and then the SYN TPL - Bad Image box (same message) now
> causes the Roxio CD Creator application to launch, followed by
> additional "Bad Message" boxes until booting is complete, each "Bad
> Message" carrying the title of the respective item booting up.
>
> Is there any way to go directly to C:\WINNT\System32\yirozoyi.dll and
> simply manually delete the line?


"The only way to clean a compromised system is to flatten and rebuild.
That's right. If you have a system that has been completely compromised,
the only thing you can do is to flatten the system (reformat the system
disk) and rebuild it from scratch (re-install Windows and your
applications)..."
http://www.microsoft.com/technet/com...mt/sm0504.mspx
 
 
Elmo
Re: How do I get rid of it? - Still Got It...
11-30-2008, 11:07 AM   #7

Jo L wrote:
> I did a slow scan with both MalwareBytes and SuperAntiSpyware. Both
> scans found malware that SpySweeper apparently missed - but the
> "...Bad Image" box with the message "The application DLL
> C:\WINNT\System32\yirozoyi.dll is not a valid windows image. Please
> check this against your installation disk" still pops up. I also
> notice during booting - the "CREATE CD50 - Bad Image" box (same
> message) and then the SYN TPL - Bad Image box (same message) now
> causes the Roxio CD Creator application to launch, followed by
> additional "Bad Message" boxes until booting is complete, each "Bad
> Message" carrying the title of the respective item booting up.
>
> Is there any way to go directly to C:\WINNT\System32\yirozoyi.dll and
> simply manually delete the line?
>
> JoLev


Click Start, Run, type REGEDIT, click OK. Press the Home key, press F3,
type the name of the file into the search pane. Click "Find Next", and
when located, delete the reference to the file. Press F3 to continue
the search.

You can click File, Export, and save the entry to the Desktop. If you
remove it and there's a problem, double-click the .reg file you exported
to the Desktop and it'll be added to the registry again. You can create
a restore point before editing the registry too.

You could possibly click Start, Run, type MSCONFIG, click OK, click the
StartUp tab, and deselect the item(s). When you restart the computer,
you will be warned that you're running in the Diagnostic mode; click to
not alert you again, and OK out. You won't see the message again. But
I think it's best to just remove the references from the registry.

--
Joe =o)
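
A scripted version of the find-and-export steps in the post above, as an added example that is not part of the thread. It assumes a short list of common load-point keys instead of a whole-registry search, and the backup folder name is hypothetical; it only reports and backs up, it does not delete.

```powershell
# Added example (not from the thread): list registry values that mention a
# file name and export each containing key before anything is edited.
param(
    [string]$FileName  = 'yirozoyi.dll',   # file named in the thread's error box
    [string]$BackupDir = (Join-Path $env:USERPROFILE 'Desktop\reg-backup')  # assumed
)

# Assumption: a short list of common load points, not a whole-registry search.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',   # holds AppInit_DLLs
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$needle = [regex]::Escape($FileName)
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$hit    = 0

foreach ($path in $keys) {
    if (-not (Test-Path -Path $path)) { continue }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        # -join flattens REG_MULTI_SZ and binary data into one searchable string
        $data = @($key.GetValue($name)) -join ' '
        if ($data -notmatch $needle) { continue }

        # Back up the whole key first (the File > Export step), one file per hit.
        $hit++
        $backup = Join-Path $BackupDir "$stamp-hit$hit.reg"
        & reg.exe export $key.Name $backup | Out-Null

        [pscustomobject]@{
            Key    = $key.Name      # e.g. HKEY_LOCAL_MACHINE\SOFTWARE\...
            Value  = $name          # empty string means the key's default value
            Data   = $data
            Backup = $backup
        }
    }
}
```

Each reported value can then be reviewed and edited by hand in REGEDIT; double-clicking the matching .reg file restores the key if the change causes a problem.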
 
 
Jo L
Re: How do I get rid of it? - Still Got It...GONE at last!
12-01-2008, 03:58 PM   #8

Joe - Thank you! The REGEDIT solution did the trick...there were three
separate instances of the file and manually deleting each of them has
prevented further occurrences of the annoying warning box appearing
before any application launch.

Shenan - Thank you for recommending MalwareBytes and SuperAntiSpyware.
Using these in addition to my paid version of SpySweeper has resulted
in a noticeably less sluggish operation of this old laptop.

You guys are great!

JoLev





 
 
Shenan Stanley
Re: How do I get rid of it? - Still Got It...GONE at last!
12-01-2008, 04:21 PM   #9

<snipped>
Entire conversation:
http://groups.google.com/group/micro...09c44ac76401ab



Jo L wrote:
> Joe - Thank you! The REGEDIT solution did the trick...there were three
> separate instances of the file and manually deleting each of them has
> prevented further occurrences of the annoying warning box appearing
> before any application launch.
>
> Shenan - Thank you for recommending MalwareBytes and SuperAntiSpyware.
> Using these in addition to my paid version of SpySweeper has resulted
> in a noticeably less sluggish operation of this old laptop.
>
> You guys are great!


Glad things are working better for you!

Thank *you* for coming back to let us know!

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html


 
 
All times are GMT -5.