Malware infection on Windows .dll files might be causing OneNote to crash when inserting pdf printout. How to solve?

  • Thread starter: J&Y (Guest)

Hi.


Recently my Microsoft OneNote crashed (after updating Windows) when inserting a PDF, leading me to search for a resolution; I later saw an article online saying this might be due to a corrupted system file.

I also saw 2 dialog boxes saying my StartupCheckLibrary.dll and winscomrssrv.dll are having problems every time I restart my computer.

Then, I proceeded to use Windows Defender and saw that there are 3 Trojans which were detected a few days ago, affecting these .dll files.



After I saw these malware detections, I ran a full scan on my computer using Windows Defender and discovered another malware.



However, even after I blocked the new malware, I can still see the .dll file error on startup. (Maybe because Windows disabled them.)

Hence, I downloaded Malwarebytes and ran a scan, only to discover that there are another 21 malware items and 1 potentially unwanted program on my PC.
Below are the scan details from Malwarebytes:

===========================================-Scan Details-===================================
Process: 0

(No malicious items detected)



Module: 0

(No malicious items detected)



Registry Key: 12

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Application Experience\StartupCheckLibrary, Quarantined, 503, 735770, , , , , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{320A7A0D-A208-4B4F-903A-3E6F13E752B3}, Quarantined, 503, 735770, , , , , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{320A7A0D-A208-4B4F-903A-3E6F13E752B3}, Quarantined, 503, 735770, , , , , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Windows Error Reporting\winrmsrv, Quarantined, 503, 780529, , , , , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DE2C3868-F32D-4B19-9835-D95C6D8547A1}, Quarantined, 503, 780529, , , , , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{DE2C3868-F32D-4B19-9835-D95C6D8547A1}, Quarantined, 503, 780529, , , , , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\WDI\SrvHost, Quarantined, 503, 735769, , , , , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{94ACB16B-0DB5-472C-940A-27C755BB60DC}, Quarantined, 503, 735769, , , , , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{94ACB16B-0DB5-472C-940A-27C755BB60DC}, Quarantined, 503, 735769, , , , , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2C96A4F3-CF18-48FE-B8D8-67712EC147E0}, Quarantined, 503, 780231, , , , , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{2C96A4F3-CF18-48FE-B8D8-67712EC147E0}, Quarantined, 503, 780231, , , , , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\MICROSOFT\WINDOWS\WININET\Winlogui, Quarantined, 503, 780231, 1.0.33344, , ame, , ,



Registry Value: 5

Trojan.BitCoinMiner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{5FEC48C2-B8AD-4764-9EF3-151676F950BF}, Quarantined, 943, 840273, 1.0.33344, , ame, , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2C96A4F3-CF18-48FE-B8D8-67712EC147E0}|PATH, Quarantined, 503, 780232, 1.0.33344, , ame, , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{320A7A0D-A208-4B4F-903A-3E6F13E752B3}|PATH, Quarantined, 503, 782993, 1.0.33344, , ame, , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{94ACB16B-0DB5-472C-940A-27C755BB60DC}|PATH, Quarantined, 503, 784920, 1.0.33344, , ame, , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DE2C3868-F32D-4B19-9835-D95C6D8547A1}|PATH, Quarantined, 503, 780528, 1.0.33344, , ame, , ,



Registry Data: 1

PUP.Optional.WinYahoo, HKU\S-1-5-21-2774254989-1650552144-2002851637-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, 240, 292990, 1.0.33344, , ame, , ,



Data Stream: 0

(No malicious items detected)



Folder: 0

(No malicious items detected)



File: 4

Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\APPLICATION EXPERIENCE\STARTUPCHECKLIBRARY, Quarantined, 503, 735770, 1.0.33344, , ame, , DEA456F460781902A6EDB31CA9A96DC9, EC91DFE21206FF8313556A0124B9D1D97BC80B2A825B1B9AA93CDA08349373D6

Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\WINDOWS ERROR REPORTING\WINRMSRV, Quarantined, 503, 780529, 1.0.33344, , ame, , C93DAD9E123D108F11F2AFC72464F3A9, EBB1F78E2A6B796D94CFCDD65524BE6C700C51D2E9CB29280761077DCF17A4DC

Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\WDI\SRVHOST, Quarantined, 503, 735769, 1.0.33344, , ame, , C0BA5C27FC06432C8096FDAF68380A96, 79D6C9C41A2602C3E962CDA1F8135BB74E2C4C6FA7967F599FC5C421546C5EA7

Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\WININET\WINLOGUI, Quarantined, 503, 780231, , , , , 75D3AC02E91DFC310210F54F7260EF58, 625FC0A0BAAB1B513E29AED5824308BB78A43E558AC18A418354304379F1749E



Physical Sector: 0

(No malicious items detected)



WMI: 0

(No malicious items detected)



(end)

===========================================-End Of Scan Details-===================================


After quarantining the malware detected using Malwarebytes, I no longer see the StartupUpdateLibrary.dll error.



However, I suspect my computer has been infected. And those system files that are quarantined cannot be quarantined forever, and I will need to use them some day.

Also, my OneNote still crashes when inserting a PDF.

When I use the OneNote web client, I can see the PDF being inserted, but the content is not shown either.


I would like to remove this malware, but I am afraid I will damage my computer. Could anyone help me? Thank you so much.
