May 21st, 2004, 07:30 PM
I have a doubt on this thread http://www.antionline.com/showthread...hreadid=257938 and since it's closed, and the topic would've deviated as well, I thought I'd post a new thread.
K, if you look at post #7 by meeeeeee, he gave a few links as well as told the poster to delete system32.dll. Now this is a necessary system file as much as I knew... I don't understand why the file needed to be deleted and how Windows booted after deleting it. Comments? http://forums.spywareinfo.com/index....=jksearch\.biz
Here're a couple of the links he posted
May 21st, 2004, 07:58 PM
I personally don't recommend what meeeeee told about going on deleting system files and registries. If they are infested they need to be cleaned. Don't take such advice until you are sure what you are doing and know how to fall back if something goes wrong; and have the backup and OS disks ready...
If you have a problem with malware (virus/worms/Trojan/Adware)
If you are just very paranoid, just go on, format the whole thing and reinstall everything.
Or try some of the cleaners available. There are many free cleaners available for detecting and cleaning each type of malware...
And hey, who told you system32.dll was a system file... Really, are you sure about that... It sure sounds very much system-file-like. Try searching your computer; do you have it on your computer? Well, this file is not necessary for the working of the system, you can delete it safely. Well, I don't, and my computer still works...
Originally posted here by therenegade
he gave a few links as well as told the poster to delete system32.dll. Now this is a necessary system file as much as I knew...
system32.dll, sorry, I should have clearly said it; no, it is not a valid system file, no sir, no.
A drink for everyone, just realised that I am an AO member now. Ha ha. Thought about starting a stupid thread in the General Chit Chat announcing this... But naaa, this will do... Cheers
May 21st, 2004, 09:48 PM
I would comment that some malwares hide themselves with names that sound like valid system files. Others use the same name, but in another directory.
This is Windows ME, but I don't have the file you mention.
Try doing a google search on any filename you are not sure about, there are a number of sites that give details of what Windows files/programs are for, and various malware spoofs.
May 21st, 2004, 10:08 PM
system32.dll IS NOT A SYSTEM FILE. %systemroot%/system32 is, but not .dll :|
May 22nd, 2004, 02:58 AM
I'd also disable System Restore if you have that running. If you don't, it will recover that file.
And once again for you to be sure about this. There is no mistake, that IS NOT a system file.
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
May 22nd, 2004, 01:57 PM
I wouldn't recommend deleting any .dll files. DLL files are used to run an application at startup. If you delete a .DLL (dynamic link library) file, that application might not function properly. If you do decide to delete system32.dll, make sure to back your system up first. I also went to my favorite site, Google http://www.google.com/microsoft?hq=m...ystem32.dll%27
and did a search on this; check out the results. Hope this helps, Computernerd22
May 22nd, 2004, 02:08 PM
Here's some advice to all of you... some of you may already be doing this:
Know your computer and all the programs that run in it when you restart the PC. Hell, take a screenshot if you have to. Every once in a while, press CTRL-ALT-Delete and see if there's anything extra running. There's a ton of free programs on the net that give you details of the programs that are running in your process viewer. If you think you got hit by spyware, close your browser, press CTRL-ALT-Delete and kill the spyware processes. Then find the folder where it is located and delete all you can... sometimes a few files will be write protected. Then run the necessary tools to remove the registries and the remainder of the files. If your browser got hijacked, DO NOT OPEN your Internet Explorer. Right click on its link, go to Properties and make sure your home page is set to something like Google... and not some godforsaken link... or you'll have to start all over again. Sometimes you might have to boot in safe mode to remove all the files.
Know your computer, know what processes are running in it at any time, and know what each folder in your C:\ and in your C:\Program Files is. Not all spyware will name itself as bluntly as BonziBuddy or BargainBuddy... sometimes you might find a folder that's called Configuration and you'll think it's a Windows folder. Every once in a while go through your C: and your Program Files folders and see what doesn't belong there. A lot of games, when you uninstall them, will also leave a folder with a few files behind, such as save files, usernames, and user profiles. Delete those; it won't clean up much space but will make it easier for you to be aware of what folders belong there.
May 22nd, 2004, 02:20 PM
Just one point and a question...jksearch is a browser hijacker that creates the system32.dll. If you look back through the log, you'll notice that it doesn't show up anywhere....so how did meeeeee know it was there? Because meeeeeee knows if jksearch shows up, then system32.dll is there, and if you don't get rid of it, it's going to keep coming back.
As has been stated, system32.dll is not a valid system file.
Computernerd, I'm sure I'm completely missing your point (sleep deprivation I suspect)...I looked through some of those links you found. You're right, in some cases system32.dll is called, but look at the context (for example):
O4 - HKLM\..\Run: [system32.dll] C:\WINDOWS\system\sysdll32.exe
The actual file being run is sysdll32.exe, which in this case is Backdoor.G_Door.c. Nowhere in any of those (and if I missed it, please point them out... I am often wrong, and I expect I will be wrong again) does it say system32.dll is valid.
No legitimate system file ever shows up in the 04 class. In fact, one of the logs I just looked at completely missed the example above, and declared the log clean.
2nd edit: Do apostrophes work the same as quotation marks in Google? I didn't think they do??!
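The O4 observation in the post above, as an added example that is not part of the original thread: a small Python triage pass over HijackThis `Run` entries that flags a value name which looks like a file name but launches a different executable. The function names, the extension list and every sample line except the `system32.dll` one quoted in the thread are assumptions made for this illustration; a mismatch is a cue for a closer look, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Run-key entry in the form quoted in the thread: O4 - HKLM\..\Run: [name] command
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]{2})\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Value names ending like this pretend to be a file (assumed extension list).
FILE_LIKE = re.compile(r"\.(dll|exe|com|scr|sys)$", re.IGNORECASE)

def target_path(cmd):
    """Return the executable part of a Run command, quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted: cut after the first executable extension so paths with spaces survive.
    m = re.match(r"(.+?\.(?:exe|com|scr|bat|cmd|dll))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]

def review_o4(log_text):
    """Return (value_name, target, reason) for Run entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # not an O4 Run-key line
        name, target = m["name"], target_path(m["cmd"])
        base = PureWindowsPath(target).name
        if FILE_LIKE.search(name) and name.lower() != base.lower():
            findings.append((name, target, "value name looks like a file but launches " + base))
    return findings

# Constructed sample log: only the system32.dll line comes from the thread.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/
O4 - HKLM\..\Run: [system32.dll] C:\WINDOWS\system\sysdll32.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example App\tray.exe" /startup
O4 - HKCU\..\Run: [updater.exe] C:\Program Files\Example App\updater.exe -quiet
"""

if __name__ == "__main__":
    for name, target, reason in review_o4(SAMPLE):
        print(f"{name!r} -> {target}: {reason}")
```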