
How to check dll's as the source of malware infection?


4 replies to this topic

#1 smak451

Posted 30 August 2010 - 05:32 AM

Hey everyone -- I was recently hacked and am trying to figure out the cause of it. I had downloaded 2 dll files from a subscription software forum (which were part of 'User Contributed' add-ons for a stock market trading platform). Is there any way to tell if these dll files had malicious code and were the source of the attack?

I've done a clean install of my OS and am hesitant to re-install this platform if it was the source; on the other hand, if I start to rebuild my platform it could take a few weeks. I've scanned the backups (which are on DVDs/CDs) with SAS, MAB, etc. and the files come up clean. Could really use some advice here before proceeding. Thanks a lot, -- S


#2 quietman7


Posted 30 August 2010 - 02:16 PM

Process Explorer
System Explorer
Dependency Walker
Dependency Scanner
DLL Toys - alternate download
DLLArchive
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 smak451


Posted 02 September 2010 - 05:15 AM

Thanks again Quietman! I've looked at all your suggestions and then some and have a related question: I want to get an overall system monitor that I can grow into and use to become very familiar with my system and all its processes to make it easier to detect bad stuff (rootkit actions, bad-behaving dll's, etc.) as well as troubleshoot when needed. Doesn't have to be extremely simple as I have no problem reading through manuals and spending the time if there's something good to get out of it (though probably don't need NASA level analytics either).

From what you've given me and what I've been able to research I'm leaning toward Process Explorer. I've also come across WinPatrol (slightly different), ESET SysInspector and Yet Another System Explorer to name a few. Do you have a top pick for such a thing? Thanks a lot. Cheers -- S

Edited by smak451, 02 September 2010 - 05:15 AM.


#4 quietman7


Posted 02 September 2010 - 07:28 AM

"I want to get an overall system monitor that I can grow into and use to become very familiar with my system and all its processes"

Have you looked at Process Monitor?


I use both Process Explorer and System Explorer. I also use WinPatrol for all its other features.

#5 smak451


Posted 02 September 2010 - 08:29 AM

Thanks, I missed that but it looks great. I was focused on Process Explorer because it was listed under both Sysinternals Security & Utilities sections -- didn't focus on the File & Disk Utilities section, though from the description sounds like it should be under security as well.

Not sure what the difference is between Explorer and Monitor, but I'll take a closer look. I guess your advice would be to use Process Monitor then for my purposes? Btw if you guys need extra help and a spot opens up in your bootcamp I'm in. Would love to pay it back. Cheers, -- S



