Start Up DLLs



vivekphlp
2008-01-27, 07:42
Recently my system was affected with a Rootkit & I had formatted my C drive. My other drives can't be opened in the normal way. I have to use Explorer / type the drive name in the command prompt.

When I was checking my startup entries through S&D I found the DLLs
1) WINotify.dll
2) crypt32.dll
3) cryptnet.dll
4) cscdll.dll
5) wlnotify (4 entries were there -
one value is "Schedule"
another "ScCertProp"
another "wlballoon"
another "termsrv"

KEY - VALUE - COMMAND LINE
WinLogon - crypt32chain - crypt32.dll
WinLogon - cryptnet - cryptnet.dll
WinLogon - cscdll - cscdll.dll
WinLogon - ScCertProp - wInotify.dll
WinLogon - Schedule - wInotify.dll
WinLogon - sclgntfy - sclgntfy.dll
WinLogon - SensLogn - WINotify.dll
WinLogon - termsrv - wInotify.dll
WinLogon - wlballoon - wInotify.dll

This link http://www.softwaretipsandtricks.com/dangerous_files/5081-WINOTIFYDLL.html
says the entry is dangerous spyware. Is it TRUE? Please help...

md usa spybot fan
2008-01-27, 19:38
vivekphlp:

Is the entry in the startup wlnotify.dll or winotify.dll (l or i as the second letter)?

Also, please see the following thread:
Spybot System Startup Problem, HELP!
http://forums.spybot.info/showthread.php?t=21248

vivekphlp
2008-01-28, 04:53
I am attaching my report...

md usa spybot fan
2008-01-28, 05:39
...

WinLogon - wlballoon - wInotify.dll

This link http://www.softwaretipsandtricks.com/dangerous_files/5081-WINOTIFYDLL.html
says the entry is dangerous spyware. Is it TRUE? Please help...
Your report shows WlNotify.dll (in caps WLNOTIFY.DLL) which is a legitimate Microsoft dll file.

vivekphlp
2008-01-28, 10:36
OK... Thanks... I am confused with some other sites but I do believe in "S&D"...
http://www.computing.net/security/wwwboard/forum/22249.html
They say it can be a Trojan...
A bit confused...
Can you give me a solution for the problem with opening my drives... When I click my drives it pops up an "open with page"...
Please help...

md usa spybot fan
2008-01-28, 15:54
There is a difference between the dll that is in your startup entry and what you are looking up and keep providing references for.

Your startup entry is WlNotify.dll (with a lower case "L" as the second letter). You keep looking up WINotify.dll (with an upper case "I" as the second letter).

WLNOTIFY.DLL is a legitimate Microsoft dll file.
_______________

I really don't know what is causing the problems with your disk. Did you go into Disk Management and assign a drive letter to the disk?
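
The l/I distinction made in the reply above can be checked mechanically. This is an added example, not part of the original thread: it classifies Winlogon notify DLL names as known, look-alike, or unknown. The allowlist, the confusable-character table and the sample rows are assumptions constructed for illustration.

```python
# Added example. KNOWN_GOOD is an assumed allowlist built for illustration;
# only wlnotify.dll is confirmed as legitimate in the thread itself.
KNOWN_GOOD = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
              "sclgntfy.dll", "wlnotify.dll"}

# Fold characters that look alike in common UI fonts onto one representative.
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})


def skeleton(name):
    """Lower-case the name, then collapse look-alike characters."""
    return name.strip().lower().translate(CONFUSABLE)


SKELETONS = {skeleton(n): n for n in KNOWN_GOOD}


def classify(dll_name):
    """Return (verdict, matched_known_name_or_None) for one DLL file name."""
    lowered = dll_name.strip().lower()
    if lowered in KNOWN_GOOD:
        return ("known", lowered)
    # Same skeleton but different spelling: a name that imitates a known one.
    imitated = SKELETONS.get(skeleton(lowered))
    if imitated is not None:
        return ("lookalike", imitated)
    return ("unknown", None)


def audit(entries):
    """entries: iterable of (value_name, dll_name); returns non-'known' rows."""
    findings = []
    for value_name, dll_name in entries:
        verdict, imitated = classify(dll_name)
        if verdict != "known":
            # upper() makes l/I unambiguous: 'l' becomes 'L', 'I' stays 'I'.
            findings.append((value_name, dll_name.upper(), verdict, imitated))
    return findings


# Constructed sample: the same value name with both spellings from the thread.
SAMPLE = [
    ("crypt32chain", "crypt32.dll"),
    ("wlballoon", "WlNotify.dll"),   # lower-case L, as in the attached report
    ("wlballoon", "WINotify.dll"),   # upper-case I, as on the linked pages
    ("example", "notreal.dll"),      # constructed name, not from the thread
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

A "known" verdict only confirms the spelling; the file's location on disk and its publisher still need to be checked separately.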

vivekphlp
2008-01-29, 04:16
Thanks :)
By the by, the problem with opening my drives started after the attack of "Hackit.Rootkit"... Whenever I try to open the drive it displays the "open with" dialog... I have to use
RUN -> "drive name"