how to remove d3d.dll

Status
Not open for further replies.

jadoogar

Programmer
Oct 23, 2003
61
IN
I have a Trojan Backdoor Agent B in my system32 directory. AVG reports that d3d.dll is affected, but how can it be removed?
Please help.
Thanks in advance.
 
jadoogar

I made up this scanner based on some other programs to scan for files related to that virus, better known as CWS.

*Not all files listed will be trojan, but if you have the trojan dll it will be listed there.

If you leave it at defaults, click Locate.com, then click Compare, and post that logfile here. If you are infected it will show the hidden dll file. The file cannot be seen or accessed in Windows; the registry entry for it is also hidden but can be seen by exporting the key as .hiv and reading the Unicode characters in Notepad.
The file that AVG is detecting is most likely the BHO that the hidden dll creates. This particular trojan is very hard to detect and remove, but not impossible.
 
DLLCompare Log version()
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINNT\SYSTEM32\msstkprp.dll Thu 5 Apr 2001 23:13:20 A.S.R 94,208 92.00 K
________________________________________________

1,310 items found: 1,310 files (1 H/S), 0 directories.
Total of file sizes: 258,200,969 bytes 246.24 M

Administrator Account = True

AppInit_DLLs value = C:\WINNT\system32\d3d.dll (not hidden)
--------------------End log---------------------
 
The file "C:\WINNT\system32\d3d.dll" is a mystery without doing file properties on it.
It would seem it is either a library used in Unreal Tournament or it is an actual trojan.
Why it would need to load in AppInit_DLLs is suspicious at most.

Perhaps find this d3d.dll in system32 and see what file properties you get on it (or if it triggers the AVG alert).
If it is void of any info (company name, version, etc.) I would think to remove it and that reg value as well.

C:\WINNT\SYSTEM32\msstkprp.dll Thu 5 Apr 2001 23:13:20 A.S.R 94,208 92.00 K
Is a legit M$ file; I have the same one, and the same read error on it. Not sure why.


 
I worked on a friend's computer that had a hidden/system *.dll file that would pop up a window. If you tried to close the window, it'd freeze up the computer, forcing you to power it off, then on again. Couldn't find any information about that particular dll in a search on the Internet, but did figure out a way to disable it, then deleted it, problem solved. I couldn't do anything with the file while in Windows.

Using your file as an example: (ignore quotes below)

I booted into DOS mode, changed to the c:\windows\system32 folder and ran "attrib d3d.dll", found the attributes of hidden and system, which is why I couldn't delete the file while I was in Windows. I did an "attrib -h -s d3d.dll", then renamed the file, then rebooted. No pop-up window, everything worked fine, then I deleted the file.
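
The checks suggested in this thread (see what AppInit_DLLs loads, then look at the file's properties and its hidden/system attributes) can be done in one read-only pass on current Windows versions. This PowerShell script is an added example, not part of the original posts; the second registry key (the 32-bit view on 64-bit Windows) and the Authenticode check go beyond what the thread mentions.

```powershell
# Added example (not from the thread). Read-only: it reports and changes nothing.
# Maps each AppInit_DLLs key to the directory that bare file names load from.
$keys = [ordered]@{
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'             = 'System32'
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows' = 'SysWOW64'  # 32-bit view
}

$report = foreach ($key in $keys.Keys) {
    $raw = (Get-ItemProperty -Path $key -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
    if ([string]::IsNullOrWhiteSpace($raw)) { continue }

    # The value is a list of DLLs separated by spaces or commas.
    foreach ($entry in ($raw -split '[ ,]+' | Where-Object { $_ })) {
        $path = $entry
        if (-not (Split-Path -Path $entry -IsAbsolute)) {
            $path = Join-Path $env:SystemRoot (Join-Path $keys[$key] $entry)
        }

        # -Force is needed to see files that carry the hidden/system attributes.
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        $vi   = $null
        $sig  = $null
        if ($file) {
            $vi  = $file.VersionInfo
            $sig = (Get-AuthenticodeSignature -FilePath $file.FullName).Status
        }

        [pscustomobject]@{
            RegistryKey   = $key
            Path          = $path
            Exists        = [bool]$file
            Attributes    = if ($file) { $file.Attributes }
            CompanyName   = if ($vi) { $vi.CompanyName }
            FileVersion   = if ($vi) { $vi.FileVersion }
            Signature     = $sig
            # The thread's heuristic: a DLL with no company name or version deserves a closer look.
            NoVersionInfo = [bool]($file -and -not $vi.CompanyName -and -not $vi.FileVersion)
        }
    }
}

if ($report) { $report | Format-List } else { 'AppInit_DLLs is empty in every key checked.' }
```

An entry with `Exists = False` is worth noting too: as described above, the file may be present but not visible from inside the running Windows session.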
 