Discussion:
RUNDLL ----- C\WINDOWS\SYSTEM32\gzmrt.dll
(too old to reply)
Blair
2007-12-15 13:49:00 UTC
Permalink
HI
Can anyone help me here with this problem. It started about 4 days ago.
It say that the RUNDLL----- C\WINDOWS/SYSTEM32/gzmrt.dll?
this Module could not be Found.



Thks
Mark L. Ferguson
2007-12-15 13:57:38 UTC
Permalink
AumHa Forums HijackThis log site: http://aumha.net/viewtopic.php?t=4075
--
Mark L. Ferguson
e-mail subject line must include "QZ" or it's deleted
Holiday Lights: http://www.geocities.com/marfer_mvp/Xmaslgt.zip .
Post by Blair
HI
Can anyone help me here with this problem. It started about 4 days ago.
It say that the RUNDLL----- C\WINDOWS/SYSTEM32/gzmrt.dll?
this Module could not be Found.
Thks
Blair
2007-12-15 14:26:01 UTC
Permalink
Thks "Mark, For the info

Blair
Post by Mark L. Ferguson
AumHa Forums HijackThis log site: http://aumha.net/viewtopic.php?t=4075
--
Mark L. Ferguson
e-mail subject line must include "QZ" or it's deleted
Holiday Lights: http://www.geocities.com/marfer_mvp/Xmaslgt.zip .
Post by Blair
HI
Can anyone help me here with this problem. It started about 4 days ago.
It say that the RUNDLL----- C\WINDOWS/SYSTEM32/gzmrt.dll?
this Module could not be Found.
Thks
nass
2007-12-15 14:14:01 UTC
Permalink
Post by Blair
HI
Can anyone help me here with this problem. It started about 4 days ago.
It say that the RUNDLL----- C\WINDOWS/SYSTEM32/gzmrt.dll?
this Module could not be Found.
Thks
Download the Autoruns.exe from Microsoft download:
http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/Autoruns.mspx
Locate the entry on the Startup list and remove.

Then Go through these Cleaning steps:
1... First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
Spybot Search & Destroy
http://www.safer-networking.org/en/download/index.html
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
RootkitRevealer v1.71
By Bryce Cogswell and Mark Russinovich
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx


Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine (offline scanner):
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/

After the scan run disk cleanup on your drive.


2- Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
http://www.merijn.org/index.php
When all else fails, HijackThis v2.0.2
(http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis) is
the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
HTH.
Let us know how it is going.
nass
----
http://www.nasstec.co.uk
Blair
2007-12-15 14:24:00 UTC
Permalink
Tks "Nass , For this info I will start working with this and will update
later how thing
went?

Blair
Post by nass
Post by Blair
HI
Can anyone help me here with this problem. It started about 4 days ago.
It say that the RUNDLL----- C\WINDOWS/SYSTEM32/gzmrt.dll?
this Module could not be Found.
Thks
http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/Autoruns.mspx
Locate the entry on the Startup list and remove.
1... First, try to clean up your caches, Internet files and delete cookies
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
http://support.microsoft.com/kb/883256
Spybot Search & Destroy
http://www.safer-networking.org/en/download/index.html
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
RootkitRevealer v1.71
By Bryce Cogswell and Mark Russinovich
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
http://www.avast.com/eng/avast-virus-cleaner.html
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/
After the scan run disk cleanup on your drive.
2- Download the Hijackthis and send the report to one of many
http://www.merijn.org/index.php
When all else fails, HijackThis v2.0.2
(http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis) is
the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
HTH.
Let us know how it is going.
nass
----
http://www.nasstec.co.uk
db ´¯`·.. ><)))º>` .. .
2007-12-15 16:11:58 UTC
Permalink
well, that may be a good
thing. if the module/file
cannot be found because
something is trying to run
it, then possibly your
antiviral zapped it.

you might want to google
that dll and see what it
belongs to. then decide
whether to reinstall its
parent program or remove
the program and or the
files that linger on your
system.
--
db ·´¯`·.¸. , . .·´¯`·..><)))º>`·.¸¸.·´¯`·.¸.·´¯`·...¸><)))º>¸.
<)))º>·´¯`·.¸. , . .·´¯`·.. ><)))º>`·.¸¸.·´¯`·.¸.·´¯`·...¸><)))º>
.
HI
Can anyone help me here with this problem. It started about 4 days ago.
It say that the RUNDLL----- C\WINDOWS/SYSTEM32/gzmrt.dll?
this Module could not be Found.
Thks
Patrick Keenan
2007-12-16 17:10:56 UTC
Permalink
Post by Blair
HI
Can anyone help me here with this problem. It started about 4 days ago.
It say that the RUNDLL----- C\WINDOWS/SYSTEM32/gzmrt.dll?
this Module could not be Found.
That file not being found would be a Good Thing, as it's almost certainly
malware.

What's happened is that your A/V software detected and removed malware, but
left behind the reference for the loader. Use MSCONFIG to identify it,
then go delete the reference, which is likely in the registry.

You may want to do a full scan of your system, and download ccleaner to
clear out the temp folders; this is where most malware enters and launches
from. www.ccleaner.com

HTH
-pk
Post by Blair
Thks
pattyandme
2008-02-08 15:25:02 UTC
Permalink
Post by Patrick Keenan
Post by Blair
HI
Can anyone help me here with this problem. It started about 4 days ago.
It say that the RUNDLL----- C\WINDOWS/SYSTEM32/gzmrt.dll?
this Module could not be Found.
That file not being found would be a Good Thing, as it's almost certainly
malware.
What's happened is that your A/V software detected and removed malware, but
left behind the reference for the loader. Use MSCONFIG to identify it,
then go delete the reference, which is likely in the registry.
You may want to do a full scan of your system, and download ccleaner to
clear out the temp folders; this is where most malware enters and launches
from. www.ccleaner.com
HTH
-pk
Post by Blair
Thks
pattyandme
2008-02-08 15:26:07 UTC
Permalink
gzmrt.dll: remote hacker attack

Ok I’ve decided to put this all in one place.
1st off I was experiencing slow pc behavior
I found when I was in COD2 my ping would jump from 70 to 800+
Time Warner was at this time working on IP addressing in this area and said
they may have laggy access. (Figured it was them for about a week) It wasn’t.
My computer hd is set up like a dell with 3 partitions 1 for dos 1 for
windows and 1 for a recovery image

Trojan. Unclassified/FukuRuku. Process

CA-Anti-Spy (toolbar) named as AdRotator F (adware)

This is a remote hacker attack:

How I removed it:
Software I used:
SAVEPART.exe (dos): Drive image creator
NTFS4DOS.exe (dos): NTFS access for DOS
DOS 7.1 (someone made a full version)
Windows Defender
CA-Anti-Spy (yahoo toolbar and on)

Boot to DOS, load NTFS4DOS, and at command prompt find the drive allocation
for Windowsxp
In my case it was F:\
From C:\ command prompt type

C:\ > attrib –A –H F:\windows\system32\gzmrt.dll /s
ENTER
-A This changes the file gxmrt.dll archive bit to unchecked
-H makes sure it’s not hidden
-S makes sure it’s not a system file
/s includes the sub directories in the tree

C:\ > DELTREE F:\windows\system32\gzmrt.dll
If you try and use just DEL then dos cannot find the file because the file
is a binary directory

After deleting the gzmrt.dll reboot to windowsxp
You will get an “error cant find gxmrt.dll” after you log on, read on

Use start/run regedit and find and open this folder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete this key within the above folder

postsetupcheck
C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" Dll -Start
This stops the error flag


Not sure what these do but the 1st 2 are listed under publisher not
available so I disabled them as to date nothing is a miss from it the last
one however is a new entry I found in the startup heading of windows defender
and it contains a 2ndary reference to gzmrt.dll
So I disabled this too. Note there is a 2nd process running on my pc called
*rundll32 and is legit make sure you get the correct files else you find
unexpected mishaps.

File Name: ISUSPM.exe -startup
Startup Value: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
File Path: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
Startup Type: Registry: Local Machine
Location: Software\Microsoft\Windows\CurrentVersion\Run
Classification: Disabled
SpyNet Voting: In Progress

File Name: issch.exe" -start
Startup Value: "C:\Program Files\Common
Files\InstallShield\UpdateService\issch.exe" -start
File Path: "C:\Program Files\Common
Files\InstallShield\UpdateService\issch.exe" -start
Startup Type: Registry: Local Machine
Location: Software\Microsoft\Windows\CurrentVersion\Run
Classification: Disabled
SpyNet Voting: Not Available

*File Name: Rundll32.exe
Display Name: Microsoft Run a DLL as an App
Description: Run a DLL as an App
Publisher: Microsoft Corporation
Digitally Signed By: Microsoft Windows Verification Intermediate PCA
File Type: Application
Startup Value: C:\WINDOWS\System32\Rundll32.exe
"C:\WINDOWS\system32\gzmrt.dll" DllStart
File Path: C:\WINDOWS\System32\Rundll32.exe
File Size: 33280
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Date Installed: 8/10/2004 6:00:00 AM
Startup Type: Registry: Local Machine
Location: Software\Microsoft\Windows\CurrentVersion\Run
Classification: Disabled
Ships with Operating System: Yes
SpyNet Voting: Not applicable
Patrick Keenan
2008-02-10 03:25:11 UTC
Permalink
Post by pattyandme
gzmrt.dll: remote hacker attack
Ok I've decided to put this all in one place.
1st off I was experiencing slow pc behavior
I found when I was in COD2 my ping would jump from 70 to 800+
Time Warner was at this time working on IP addressing in this area and said
they may have laggy access. (Figured it was them for about a week) It wasn't.
My computer hd is set up like a dell with 3 partitions 1 for dos 1 for
windows and 1 for a recovery image
Trojan. Unclassified/FukuRuku. Process
CA-Anti-Spy (toolbar) named as AdRotator F (adware)
SAVEPART.exe (dos): Drive image creator
NTFS4DOS.exe (dos): NTFS access for DOS
DOS 7.1 (someone made a full version)
Windows Defender
CA-Anti-Spy (yahoo toolbar and on)
Boot to DOS, load NTFS4DOS, and at command prompt find the drive allocation
for Windowsxp
In my case it was F:\
From C:\ command prompt type
C:\ > attrib -A -H F:\windows\system32\gzmrt.dll /s
ENTER
-A This changes the file gxmrt.dll archive bit to unchecked
-H makes sure it's not hidden
-S makes sure it's not a system file
/s includes the sub directories in the tree
C:\ > DELTREE F:\windows\system32\gzmrt.dll
If you try and use just DEL then dos cannot find the file because the file
is a binary directory
It would be easier booting to the Recovery Console.
Post by pattyandme
After deleting the gzmrt.dll reboot to windowsxp
You will get an "error cant find gxmrt.dll" after you log on, read on
Use start/run regedit and find and open this folder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete this key within the above folder
postsetupcheck
C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" Dll -Start
This stops the error flag
But does not remove the infection.
Post by pattyandme
Not sure what these do but the 1st 2 are listed under publisher not
available so I disabled them as to date nothing is a miss from it the last
one however is a new entry I found in the startup heading of windows defender
and it contains a 2ndary reference to gzmrt.dll
So I disabled this too. Note there is a 2nd process running on my pc called
*rundll32 and is legit make sure you get the correct files else you find
unexpected mishaps.
File Name: ISUSPM.exe -startup
This is from Install Shield, the basic supplier of installation software
used by most manufacturers.

<snip>
Post by pattyandme
*File Name: Rundll32.exe
This is used by many other processes.

HTH
-pk

<snip>
pattyandme
2008-02-10 05:01:00 UTC
Permalink
Post by Patrick Keenan
Post by pattyandme
gzmrt.dll: remote hacker attack
Ok I've decided to put this all in one place.
1st off I was experiencing slow pc behavior
I found when I was in COD2 my ping would jump from 70 to 800+
Time Warner was at this time working on IP addressing in this area and said
they may have laggy access. (Figured it was them for about a week) It wasn't.
My computer hd is set up like a dell with 3 partitions 1 for dos 1 for
windows and 1 for a recovery image
Trojan. Unclassified/FukuRuku. Process
CA-Anti-Spy (toolbar) named as AdRotator F (adware)
SAVEPART.exe (dos): Drive image creator
NTFS4DOS.exe (dos): NTFS access for DOS
DOS 7.1 (someone made a full version)
Windows Defender
CA-Anti-Spy (yahoo toolbar and on)
Boot to DOS, load NTFS4DOS, and at command prompt find the drive allocation
for Windowsxp
In my case it was F:\
From C:\ command prompt type
C:\ > attrib -A -H F:\windows\system32\gzmrt.dll /s
ENTER
-A This changes the file gxmrt.dll archive bit to unchecked
-H makes sure it's not hidden
-S makes sure it's not a system file
/s includes the sub directories in the tree
C:\ > DELTREE F:\windows\system32\gzmrt.dll
If you try and use just DEL then dos cannot find the file because the file
is a binary directory
It would be easier booting to the Recovery Console.
Post by pattyandme
After deleting the gzmrt.dll reboot to windowsxp
You will get an "error cant find gxmrt.dll" after you log on, read on
Use start/run regedit and find and open this folder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete this key within the above folder
postsetupcheck
C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" Dll -Start
This stops the error flag
But does not remove the infection.
Post by pattyandme
Not sure what these do but the 1st 2 are listed under publisher not
available so I disabled them as to date nothing is a miss from it the last
one however is a new entry I found in the startup heading of windows defender
and it contains a 2ndary reference to gzmrt.dll
So I disabled this too. Note there is a 2nd process running on my pc called
*rundll32 and is legit make sure you get the correct files else you find
unexpected mishaps.
File Name: ISUSPM.exe -startup
This is from Install Shield, the basic supplier of installation software
used by most manufacturers.
<snip>
Post by pattyandme
*File Name: Rundll32.exe
This is used by many other processes.
HTH
-pk
<snip>
pattyandme
2008-02-10 05:02:00 UTC
Permalink
The infection was gzmrt.dll
The access point was the brouser object i guess.
the error was from a call to the regestry with no file found
pattyandme
2008-02-10 06:11:00 UTC
Permalink
Post by pattyandme
The infection was gzmrt.dll
The access point was the brouser object i guess.
the error was from a call to the regestry with no file found
the error was the call after login to run the gzmrt.dll which was loaded as
an executable program.
I belive the 3rd object was an activex controll brouser helper object.

I allowed this to execute when i installed another program.

this guy is no longer accessing my computer he can't.

I am a hobbiest programer.
I do not have tools to break down his programing and examine what he was
doing nor do i know if all the files from his work are distroyed.
I do know i coulld not find any information about this adrotator F adware
which was reaccuring on my anti-spy checker.
as well none of the scans from microsoft security cleaner found it.
no web site microsoft or any other had any information about this.

This was a remote hacker i could tell when he was on and when he wasnt by
the latency in my computer.

I no DOS the new syntax for console commands from the recovery partition I
havent a clue ive read a little about them but i dont no them.
so for me dos was easer then to look up how to call deltree 1st in another
syntax.

It was not a file it was a directory made to look like a libary and called
to execute from a login start regestry entry.

thats all i know about it.

Its Gone I'm happy.
thanks for your help
pattyandme
2008-02-10 19:45:01 UTC
Permalink
I did download and install a hex editor and found refrances to the
FukuRuku Adrotator F stuff within the gzmrt.dll.
which is why I deleted the file.
crazyMike
2009-05-25 05:23:02 UTC
Permalink
I have had the same problem and worse in the last 2 days,,, I have felt like
using a ball bat on my PC,,, here is a post that I believe identifys the
problem,,,It appears gzmrt.dll is a trojan that hichikes on our browsers...

The process belongs to the software gzmrt.dll by unknown.

Description: gzmrt.dll is located in the folder C:\Windows\System32. Known
file sizes on Windows XP are 72,192 bytes (41% of all occurrence), 64,000
bytes, 69,120 bytes, 135,680 bytes, 64,512 bytes.
This .dll file is a Browser Helper Object (BHO) that runs automatically
every time you start your Internet browser. BHOs are not stopped by personal
firewalls, because they are identified by the firewall as your browser
itself. BHOs are often used by adware and spyware. The unique ID of this BHO
is 10F3E8BD-257A-4702-A2F5-DC02055B068C or
7D9362F8-77D8-4b29-97B5-621D550890C0. There is no description of the program.
The program has no visible window. It is an unknown file in the Windows
folder. File gzmrt.dll is able to monitor Internet browser. The service has
no detailed description. It is not a Windows core file. Program starts upon
Windows startup (see Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Therefore
the technical security rating is 98% dangerous, however also read the users
reviews.

Recommended: Identify gzmrt.dll related errors


Important: Some malware camouflage themselves as gzmrt.dll, particularly if
they are located in c:\windows or c:\windows\system32 folder. Thus check the
gzmrt.dll process on your pc whether it is pest. We recommend Security Task
Manager for verifying your computer's security. It is one of the Top Download
Picks of 2005 of The Washington Post and PC World.
Post by Blair
HI
Can anyone help me here with this problem. It started about 4 days ago.
It say that the RUNDLL----- C\WINDOWS/SYSTEM32/gzmrt.dll?
this Module could not be Found.
Thks
crazyMike
2009-05-25 05:20:02 UTC
Permalink
The process belongs to the software gzmrt.dll by unknown.

Description: gzmrt.dll is located in the folder C:\Windows\System32. Known
file sizes on Windows XP are 72,192 bytes (41% of all occurrence), 64,000
bytes, 69,120 bytes, 135,680 bytes, 64,512 bytes.
This .dll file is a Browser Helper Object (BHO) that runs automatically
every time you start your Internet browser. BHOs are not stopped by personal
firewalls, because they are identified by the firewall as your browser
itself. BHOs are often used by adware and spyware. The unique ID of this BHO
is 10F3E8BD-257A-4702-A2F5-DC02055B068C or
7D9362F8-77D8-4b29-97B5-621D550890C0. There is no description of the program.
The program has no visible window. It is an unknown file in the Windows
folder. File gzmrt.dll is able to monitor Internet browser. The service has
no detailed description. It is not a Windows core file. Program starts upon
Windows startup (see Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Therefore
the technical security rating is 98% dangerous, however also read the users
reviews.

Recommended: Identify gzmrt.dll related errors


Important: Some malware camouflage themselves as gzmrt.dll, particularly if
they are located in c:\windows or c:\windows\system32 folder. Thus check the
gzmrt.dll process on your pc whether it is pest. We recommend Security Task
Manager for verifying your computer's security. It is one of the Top Download
Picks of 2005 of The Washington Post and PC World.
Post by Blair
HI
Can anyone help me here with this problem. It started about 4 days ago.
It say that the RUNDLL----- C\WINDOWS/SYSTEM32/gzmrt.dll?
this Module could not be Found.
Thks
Loading...