this popped up from email i believe
it seems to be malware but is installed by a trojan
it pops up windows saying "you're infected buy winweb security to fix it"
of course it does nothing
lots of other pop ups too
disables firewall and antivirus
so
i looked up winweb security found much misinformation associated with it
downloaded windows defender from microsoft and joined it's club
defender found some issues and files it could not delete. the antivirus norton found nothing
if found these files to be self starting:  wibotelo.dll and yokamuye.dll
these were in windows/system32
it found this key in HKLM/software/microsoft/windows/currentversion/run
CPMd7a7a959
i also found this suspicious key  d4949ac5

nothing would delete even with starting at command prompt.  so i loaded a copy of bart's pre-installed environment.  i used to use it as a not so good pc tech.
it loads a virtual xp from the cd
navigated to sys32 folder deleted files.

rebooted to regular xp.  viola, the antivirus finds files and deletes them.
the windows defender says good job.

there are a few more suspicious files i will delete.

files i have deleted include, all from windows/system32
wibotelo.dll
yokamuye.dll
zelokore.dll

i am now gonna delete vubebiye.dll which is associated with the key layayahinu.  there is no info on this i think this is new.  byebye to it.

i'm putting up this info for all out there.  you need barts pre installed environment and windows defender.  defender uses that crazy validation thing, so you must validate windows to get it.

good luck to anyone else who gets this.

go that way really fast.
if something gets in your way
turn