Ruxoup.dll

Ghostsong

My antivirus is quarantining this as a backdoor trojan. I tried to Google it to make sure it wasn't a false positive before deleting it, but nothing comes back. Anyone know anything about it?
 
The quarantine should list the folder that it was saved in - or does your AV not show that?
 
It's just in the root of locallow? That's..odd. I'd def say that's not normal.

I suggest running a scan with MBAM and AdwCleaner.
 
What's that folder for? I'll admit I was running for about a month there with no AV software but I'd only cut the computer on to do what I needed and then cut it off. Haven't downloaded anything and I disabled Java ages ago so I'm not sure how I even picked this up.
 
LocalLow and Local are machine-wide AppData folders. Roaming is more for user-specific data.
 
I'll run those extra scans later when I get home. After the quarantine my computer wouldn't boot and I had to have it fix itself by restoring to an earlier point, which is why I was asking if maybe it was a false positive. It seems the avs has the file reported less than 10 times. Would a DLL file be able to unload a virus payload without being opened with an application?
 
What AV are you running?

That all depends on how the DLL is being used; could have been made to hook into an existing Windows service or another application and execute the functions in the unknown DLL if it is indeed malware.
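
A read-only way to check what the last reply describes, i.e. whether any process, service or autostart entry is actually loading the DLL. This PowerShell script is an added example, not something posted in the thread; the helper names `Test-Match` and `New-Hit` are hypothetical, and the locations it checks are a selection of common ones, not an exhaustive list.

```powershell
# Added example: read-only triage for a suspicious DLL. Run from an elevated prompt.
param([string]$DllName = 'Ruxoup.dll')   # file name taken from this thread

function Test-Match([string]$Text) {
    # Case-insensitive substring match, no wildcard interpretation.
    ($Text) -and ($Text.IndexOf($DllName, [StringComparison]::OrdinalIgnoreCase) -ge 0)
}
function New-Hit($Source, $Name, $Value) {
    [pscustomobject]@{ Source = $Source; Name = $Name; Value = $Value }
}
$hits = @()

# 1. Processes that have the DLL mapped right now (answers "what opened it?").
foreach ($proc in (Get-Process)) {
    try { $mods = @($proc.Modules) } catch { $mods = @() }   # protected processes deny access
    foreach ($m in $mods) {
        if ($m -and (Test-Match $m.ModuleName)) {
            $hits += New-Hit 'LoadedModule' "$($proc.ProcessName) (PID $($proc.Id))" $m.FileName
        }
    }
}

# 2. Registry values that start programs or load DLLs at logon/boot.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'   # holds AppInit_DLLs
foreach ($key in $keys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if (Test-Match $data) { $hits += New-Hit 'Registry' "$key\$valueName" $data }
    }
}

# 3. Services hosted in svchost.exe name their DLL in Parameters\ServiceDll.
foreach ($svc in (Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue)) {
    $p = Get-ItemProperty -Path (Join-Path $svc.PSPath 'Parameters') -Name ServiceDll -ErrorAction SilentlyContinue
    if ($p -and (Test-Match ([string]$p.ServiceDll))) { $hits += New-Hit 'ServiceDll' $svc.PSChildName $p.ServiceDll }
}

# 4. Scheduled tasks whose action command line mentions the DLL.
foreach ($task in (Get-ScheduledTask -ErrorAction SilentlyContinue)) {
    foreach ($a in $task.Actions) {
        $cmd = "$($a.Execute) $($a.Arguments)"
        if (Test-Match $cmd) { $hits += New-Hit 'ScheduledTask' ($task.TaskPath + $task.TaskName) $cmd }
    }
}

if ($hits) { $hits | Format-Table -AutoSize -Wrap } else { "No references to $DllName found." }
```

A hit in any section names the process, service or startup entry that would pull the DLL in, which also indicates what may stop working once the file is quarantined.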
 