
npigl.dll harmful or not?


7 replies to this topic

#1 princess_sophia

princess_sophia

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Chicago IL
  • Local time:02:47 PM

Posted 24 July 2009 - 02:33 AM

I noticed a file called npigl.dll on my hard drive. Is this a safe file or not? Some research indicates that this is some addon (probably Yahoo toolbar, which I do use), but when uploading the file to Jotti it says avast found it being trojan.gen (or something similar). When uploading it to VirusTotal it says 4 scanners found a threat (all it said was suspicious file, high risk worm, etc.). Also, I notice no odd addons in my manage addon thing (I use Internet Explorer 8, btw). When I scan with Malwarebytes nothing comes up. :thumbsup: I am really confused here, are these false positives? I can unregister the dll if it is truly harmful.
Welcome to McMalwareCrushers! Would you like to try our ultimate destruction combo for the low low price of FREE?

Over 00000000 satisfied customers!

"If there's a will, there's a way, if not then there is always linux".
"You are never too old to be a kid again".



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,289 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:47 PM

Posted 24 July 2009 - 08:57 AM

Where is the file (full path) located?
What is the creation date?
Did you right click on it > choose properties and look for information under the version tab?

If one vendor hits on a file, then it's possible you are looking at a FP. However, you say several are providing hits, so that's more conclusive it may not be harmless.

I found references to it being related to an IGLoader game loader plugin for Opera located at:
C:\Program Files\Opera\Program\Plugins

And also for Firefox located at:
C:\Windows
C:\Program Files\Mozilla Firefox\plugins

Although you use IE, do you also use Firefox or Opera and if so, are any of the above locations where you are finding that file?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 princess_sophia

princess_sophia

Posted 24 July 2009 - 11:36 AM

The full path is just C:/, not in windows or program files. I DO NOT use Firefox or Opera. It says it was created by indiepath and it's version 3.0.0; it does say igloader under internal name. I do play games online and also have Spore Creature Creator on my PC. So maybe it's for those? Oh, it was created Monday February 12, last accessed today.

#4 quietman7

quietman7


Posted 24 July 2009 - 04:16 PM

It sounds like the file is legit but I'm not sure what program installed it.

Create a new folder named Hold on your hard drive (C:\Hold), rename the file to npigl_old and move it into the Hold folder. See if doing that affects your game playing or any other application. If not, then delete it after a few days.
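An added example, not part of the original posts: a PowerShell script that records the details asked for in post #2 (full path, creation date, version information) and then performs the rename-and-hold step from post #4. The path C:\npigl.dll follows post #3; the note file name npigl_triage.txt and the extra SHA-256 and signature fields are assumptions added here.

```powershell
# Added example: record triage details for a suspect DLL, then hold it.
$Suspect = 'C:\npigl.dll'   # location reported in post #3
$HoldDir = 'C:\Hold'        # hold folder from post #4
$NewName = 'npigl_old'      # new name from post #4 (no .dll extension)

if (-not (Test-Path -LiteralPath $Suspect -PathType Leaf)) {
    throw "File not found: $Suspect"
}

# -Force so the file is found even if it is hidden or a system file.
$file = Get-Item -LiteralPath $Suspect -Force
$ver  = $file.VersionInfo
$sig  = Get-AuthenticodeSignature -FilePath $Suspect

# Same data as the Properties > Version tab, plus a hash and signature
# status to quote when submitting the sample to a vendor.
$record = [pscustomobject]@{
    FullPath        = $file.FullName
    Created         = $file.CreationTime
    LastAccessed    = $file.LastAccessTime
    SizeBytes       = $file.Length
    CompanyName     = $ver.CompanyName
    InternalName    = $ver.InternalName
    FileVersion     = $ver.FileVersion
    SignatureStatus = $sig.Status
    Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    SHA256          = (Get-FileHash -LiteralPath $Suspect -Algorithm SHA256).Hash
}

# Create the hold folder and save the record next to the held file.
New-Item -ItemType Directory -Path $HoldDir -Force | Out-Null
$record | Format-List |
    Out-File -FilePath (Join-Path $HoldDir 'npigl_triage.txt') -Encoding UTF8

# Refuse to overwrite an earlier held copy, then rename and move in one step.
$dest = Join-Path $HoldDir $NewName
if (Test-Path -LiteralPath $dest) {
    throw "A held copy already exists: $dest"
}
Move-Item -LiteralPath $Suspect -Destination $dest

$record
```

Because the hash is recorded before the move, it can be matched against a scanner report or vendor reply for the same file.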

#5 princess_sophia

princess_sophia

Posted 24 July 2009 - 06:17 PM

I'll try it, but here's the thing. McAfee popped up saying it found trojan-gen.b (or was it .g), and that is the same trojan that comes up when I upload it to VirusTotal and Jotti. I could include the log files for Jotti and VirusTotal if needed.

#6 quietman7

quietman7


Posted 25 July 2009 - 08:10 AM

Generic detections are usually a heuristics detection of possible new variants of malware before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware, which allows the anti-virus to detect and stop it before doing any harm to your system. Heuristic scanning methods vary depending on the vendor. Some claim to allow emulation of the file's activities in a virtual sandbox. Others scan the file more intensively, searching line by line, inspecting the code in a file to see if it contains virus-like characteristics. If the number of these characteristics/instructions exceeds a pre-defined threshold, the file is flagged as a possible virus.

The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as malicious. With heuristics, there is always a potential risk for a "False Positive" when the heuristic analysis flags a file as suspicious or infected that contains no malware.

Submit a sample to the vendor so they can investigate further. Be sure to provide them with the descriptive information you found when looking at the file's version tab in properties. Please refer to Submit a Sample To McAfee.

While waiting for an answer, I would still rename and move the file.

#7 princess_sophia

princess_sophia

Posted 27 July 2009 - 04:13 PM

I did submit it a couple days ago. I got an email today from McAfee saying it WAS infected with Generic.TRA :thumbsup: I followed the instructions and added extra.dat to the folder, scanned the folder, and McAfee removed it. There is an igloader entry in my add remove programs, should I remove it? I think it was installed when I was playing one of those free trial things.

#8 quietman7

quietman7


Posted 28 July 2009 - 07:56 AM

"There is an igloader entry in my add remove programs, should I remove it? I think it was installed when I was playing one of those free trial things."

Considering the results on the file, I would.

In many cases, online gaming sites are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. They can lead to other sites containing malware which you can inadvertently download without knowledge. Users visiting such sites may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. Gaming sites can put you at risk to fraud, phishing and theft of personal data. Even if the gaming site is a clean site, there is always the potential of some type of malware making its way there and then onto your system. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. In those cases, recovery is not possible and the only option is to reformat/reinstall the OS.