Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Potential Virus? DLLTools.dll 1

Status
Not open for further replies.
1DMF

1DMF

Programmer
Jan 18, 2005
8,795
0
0
GB
Hi,

We have 3 machines that Panda have quarantined the file dlltools.dll as being a 'Generic Trojan' , however when trying to find information regarding the file DLLTools.dll , I can't seem to find much at all.

I have found this...



Which is currently under review so isn't clear if this is a virus or not.

Does anyone know if this file is a virus and if so what it does?

Thanks,
1DMF.

"In complete darkness we are all the same, it is only our knowledge and wisdom that separates us, don't let your eyes deceive you."

"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!"

Free Electronic Dance Music Download
 
Sort by date Sort by votes
to add to this, I just ran the webroot AV on the computer where Panda had quarantined this DLLTools.dll file and it now claims there is another virus on the computer..

Win32.Sefnit.Gen

However, it states it is in the program files (x86) folder under centrastage, which is some software put on our computers by the IT support company.

Is this a false positive or is this a virus?

Thanks,
1DMF

"In complete darkness we are all the same, it is only our knowledge and wisdom that separates us, don't let your eyes deceive you."

"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!"

Free Electronic Dance Music Download
 
Upvote 0 Downvote
If it's remote control software for your IT company (which I see it is after looking), it could have triggered a warning as malware.

I would not allow that to be deleted or quarantined.

For peace of mind, run TDSSKiller, MalwareByte's Anti-mailware and GMER. If all of those come back clean, I wouldn't worry.
 
Upvote 0 Downvote
Can you look at the file properties and see the manufacturer / internal name / build etc? Also try dependancy walker I use it to see what DLL calls etc a program / DLL makes.

Process Explorer is also a helpful tool. I usually leave in in a DIR on the servers I maintain for reasons like this.

In Delphi there is a tool called Winsight, to see what executeables are running, handles, hidden forms, internal exe / dll names etc, which is my favourite.

As said earlier, it could be an input hook for support.
 
Upvote 0 Downvote
I've quarantined the DLLTools.dll and igonored the centrastage after liaising with the support company.

I have found this webroot software to be a waste of time as it is throwing up too many false positives to be of any use.

I've not had a report from anyone with the quarantined DLLTools.ddl that something has stopped functioning, so I think we are ok.

"In complete darkness we are all the same, it is only our knowledge and wisdom that separates us, don't let your eyes deceive you."

"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!"

Free Electronic Dance Music Download
 
Upvote 0 Downvote
Please follow instructions on the scans I mentioned for peace of mind. Getting second and third opinions on malware/infection status is the only way to feel comfortable. Any one given anti-virus or anti-malware program may miss a significant percent of malware. Therefore, you use different tools.
 
Upvote 0 Downvote
sorry, I failed to mention we also run Malware-bytes as standard, which didn't find anything, well apart from the group policy we have restricting staff from changing their screen saver from the corporate one, so only another false positive.

Kaspersky found nothing neither did GMER!

I appreciate no single AV product is 100% and have found that MBAM isn't as good as it used to be!



"In complete darkness we are all the same, it is only our knowledge and wisdom that separates us, don't let your eyes deceive you."

"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!"

Free Electronic Dance Music Download
 
Upvote 0 Downvote
I am not at work, but my av (F-secure) quarantined a critical app that we use yesterday. I think that was the name it was giving. We have had this app for over 5 years so I am pretty confident it is OK. I submitted it as a false positive so will see what happens today.
 
Upvote 0 Downvote
F-secure has updated their definitions so my file is now detected as clean. I ran it through VirusTotal and Panda also calls my file clean.

You might check to see if Pandas latest def files are still flagging your file.

FYI, F-secure was flagging my file as 'Gen:Variant.Barys.2063'. I don't know it that correlates with Pandas naming conventions at all.

 
Upvote 0 Downvote
MBAM isn't as good as it used to be!
Click to expand...

I would say that might not be the case but rather that malware has gotten better, especially rootkits (zero access & tdss). Removal tools are becoming more specialized and fragmented, so there's not "one big hammer" to crush everything that pops up.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

iambob
  • Locked
  • Question
Avast Anti-Virus is.. a virus?! 3
Replies
5
Views
99
Oorde
Oorde
LonnieJohnson
  • Locked
  • Question
Apps/Tools for seeing potential threats
Replies
1
Views
42
ChrisHirst
ChrisHirst
andyv2011
  • Locked
  • Question
Looking at Virus Actions
Replies
0
Views
48
andyv2011
andyv2011
Tiffc0922
  • Locked
  • Question
Virus / Malware Scans on Local PCs
Replies
5
Views
72
goombawaho
goombawaho
kharrison70
  • Locked
  • Question
Meskisift Visaal Studie Virus? 6
Replies
6
Views
81
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top