Start Up DLLs

**vivekphlp** · 2008-01-27, 07:42

Recenty my system was affected with Rootkit & i had formatted by C drive. My other drives cant be opened in the normal way. I have to use Explorer/ type the drive name in command promt..

When i was checking for my startup entries tho S&D i found that the DLLs
1) WINotify.dll
2) crypt32.dll
3) cryptnet.dll
4) cscdll.dll
5) wlnotify ( 4entires where there -
one value is "Schedule"
another "ScCertProp"
another "wlballoon"
another "termsrv"

KEY - VALUE - COMMAND LINE
WinLogon - crypt32chain - crypt32.dll
WinLogon - cryptnet - cryptnet.dll
WinLogon - cscdll - cscdll.dll
WinLogon - ScCertProp - wInotify.dll
WinLogon - Schedule - wInotify.dll
WinLogon - sclgntfy - sclgntfy.dll
WinLogon - SensLogn - WINotify.dll
WinLogon - termsrv - wInotify.dll
WinLogon - wlballoon - wInotify.dll

this link http://www.softwaretipsandtricks.com...NOTIFYDLL.html
Says entry is a dangerous spy ware . Is it TRUE plz help.. .

**md usa spybot fan** · 2008-01-27, 19:38

vivekphlp:

Is the entry in the startup wlnotify.dll or winotify.dll (l or i as the second letter)?

Also, please see the following thread:

Spybot System Startup Problem, HELP!
http://forums.spybot.info/showthread.php?t=21248

**vivekphlp** · 2008-01-28, 04:53

Iam attaching my report...

**md usa spybot fan** · 2008-01-28, 05:39

Originally Posted by vivekphlp

...

WinLogon - wlballoon - wInotify.dll

this link http://www.softwaretipsandtricks.com...NOTIFYDLL.html
Says entry is a dangerous spy ware . Is it TRUE plz help.. .

Your report shows WlNotify.dll (in caps WLNOTIFY.DLL) which is a legitimate Microsoft dll file.

**vivekphlp** · 2008-01-28, 10:36

ok . .. Thanks.. . I am confused with some other sites but i do believe in "S&D". . .
http://www.computing.net/security/ww...rum/22249.html
They say it can be a Trojan ... .
bit confused..
Can you give me a solution for the problem with oppening my drives. . . When i click my drives it pops up an "open with page" .. .
plz help... .

**md usa spybot fan** · 2008-01-28, 15:54

There difference between the dll that is in your startup entry and what you are looking up and keep providing references for.

Your startup entry is WlNotify.dll (with a lower case "L" as the second letter). You keep looking up WINotify.dll (with an upper case "I" as the second letter).

WLNOTIFY.DLL is a legitimate Microsoft dll file.
_______________

I really don't know what is causing the problems with your disk. Did you go into Disk Management and assign a drive letter to the disk?

**vivekphlp** · 2008-01-29, 04:16

Thanks

By the by the problem with oppening my drives started after the attack of "Hackit.Rootkit"... whenever i try to open the drive it displays "open with" dialog... I have to use
RUN -> "drive name"

Thread: Start Up DLLs

Thread Tools

Display

Start Up DLLs

Posting Permissions