Hi
I got an infection after going on "some random" websites.
I managed to get rid of the malware with SUPERAntiSpyware, but what surprised me is that it only found one single DLL file!
Shouldn't there also be some EXE?
No. The code could have been accessed through the DLL. Kind of like having eggs (the DLL file) infected with chicken pox: you eat some eggs, now you are infected.
Of course it would be a stupid idea to create a virus or trojan that was contained in a DLL that needed an exe in order to run. If the user/victim deletes the executable the virus/trojan would not do anything. It just goes to show how smart hackers are, that they put the whole virus/trojan in an executable instead.
OK, I thought DLLs were not real executables like COM (from the DOS era) or EXE...
An EXE or a COM is not required. The malicious code could have been inserted inside a sub or function that is called through the DLL, or it could have been attached externally to the DLL. The sad part is it is easy to do. It is best to inoculate your files. That will set up a list of commonly used file attributes which prevent malicious code from attaching itself to the ends of installed files.
What he describes is DLL Injection... the malicious DLL injects itself into an existing, common process. It can also set itself up as a service, running in the background.
-tg
By launching rundll32.exe, a DLL can be run just like any other form of executable (exe, com...) given that it was written to run like a program. Take this fake antivirus program for example: after the user visits a bad site, the DLL is downloaded and saved somewhere on the local HDD (normally under the user profile application folder, since that folder doesn't require administrative privilege to write to), and then it writes an entry in HKCU\Microsoft\Windows\CurrentVersion\Run (again, the current logged-in user always has read/write access to the HKCU reg key) to run rundll32.exe with the downloaded DLL as the argument.
Sadly, knowledge comes with a price...
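A read-only check for the persistence pattern described in the post above, as an added example that is not part of the original thread: it lists per-user autorun values that start a DLL through rundll32.exe and reports where the DLL lives and whether it is signed. The function name `Get-Rundll32Autorun` is hypothetical; on a real system the per-user Run key sits under `HKCU\Software\Microsoft\Windows\CurrentVersion\Run`.

```powershell
# Added example: report per-user autorun values that launch a DLL via rundll32.exe.
# Read-only: nothing is deleted or modified.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-Rundll32Autorun {   # hypothetical helper name
    param([string[]]$Path = $runKeys)

    foreach ($keyPath in $Path) {
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }
        $key = Get-Item -LiteralPath $keyPath

        foreach ($name in $key.GetValueNames()) {
            # Expand %APPDATA% and similar so the DLL path can be checked on disk.
            $command = [Environment]::ExpandEnvironmentVariables([string]$key.GetValue($name))

            # Matches: rundll32.exe "C:\path\file.dll",EntryPoint  (quotes optional)
            if ($command -match '(?i)rundll32(?:\.exe)?"?\s+"?(?<dll>[^",]+)') {
                $dll = $Matches['dll'].Trim()
                $exists = Test-Path -LiteralPath $dll -PathType Leaf
                $signature = if ($exists) {
                    (Get-AuthenticodeSignature -LiteralPath $dll).Status
                } else {
                    'NotFoundAtPath'
                }

                [pscustomobject]@{
                    Key           = $keyPath
                    ValueName     = $name
                    Command       = $command
                    Dll           = $dll
                    # Folders under the user profile are writable without admin rights.
                    InUserProfile = $dll.StartsWith($env:USERPROFILE, [StringComparison]::OrdinalIgnoreCase)
                    Signature     = $signature
                }
            }
        }
    }
}

Get-Rundll32Autorun | Format-List
```

An entry with `InUserProfile` true and a signature status other than `Valid` matches the pattern described in the post and is the one to look at first; an empty result only means this one autorun location is clean.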
Please, someone sent me a DLL file and told me to put it in the system32 folder and then go to the Excel file he sent me and enable the macros.
It may be harmful?
And please tell me what I should do to fix it.
Plus I have an Amazon account.
If it was a Trojan horse, maybe he can steal my credit number that I have on Amazon???
Please reply to me!
I downloaded Malwarebytes and scanned the file and it is OK!
Who is someone?
You really should have a good reason to trust the source from which you get a DLL and an Excel file with macros.
Malwarebytes and virus scanners only know about widely spread viruses/ransomware/adware.
If you get a single DLL from an individual, then this DLL does not have to be known to those companies.
And can I learn if it was something bad???
Or will I never know?
Please guys, help!!
And should I go and change my credit card now?
And do I just delete the DLL??
And I am safe!
Oh guys, sorry, but I worry!
Please tell me all the steps I should do now!
Quote:
Please, someone sent me a DLL file and told me to put it in the system32 folder and then go to the Excel file he sent me and enable the macros.
You don't know. All you know is that if it is flagged by an anti-virus program then it is almost certainly harmful. If it is not flagged then this does not mean that it is not harmful.
Quote:
It may be harmful? I downloaded Malwarebytes and scanned the file and it is OK!
If you have opened the Excel file, then wipe your system and re-install the OS from scratch using your system file image backup.
Quote:
And please tell me what I should do to fix it.
I don't have a system file image backup!
Please, any other suggestion?
If the dll is a new addition to system32 (and is not overwriting an existing dll), then the code in the dll is not activated until that dll is loaded which happens when any of its resources are used (from a macro in the excel file?). If it overwrites an existing dll then the same applies - but you don't really know what activates the dll.
Oh guys, thanks so much! I don't know how to do OS!!
But I deleted the files and I asked a friend to check for me through TeamViewer.
And he checked whether the program had downloaded other files and he told me no! And he told me he checked and everything looks OK.
And he told me that 99% it is safe!
But I deleted it.
Is there no other way to be 100% sure?
And is it now running any program that I cannot see?
Plus, about credit cards? I only have an account on Amazon! I have never used my credit card anywhere else and I just entered it once some months ago when I made my first purchase.
And I cannot even see my number... you know, it has ****.
So am I safe?
Or should I change it now?
No. To be 100% sure you'll need to do a complete re-install of the OS as a fresh install.
Quote:
And he told me that 99% it is safe!
But I deleted it.
Is there no other way to be 100% sure?
Which OS is involved here? Did you open the excel file as a user, as an admin or with elevated privileges?
Oh, and he looked at which programs are running and which ones are going to run in the next install.
Which version of Windows? As I asked in my post #18.
Assuming the computer is fully patched, it's unlikely you have an installed virus. However that doesn't mean that 'damage' hasn't been done to the operating state of the computer. No anti-virus program will detect this sort of operational damage. The only guarantee against such damage is a complete OS installation.
I know of an instance similar to this (involving word rather than excel). Anti-virus scans showed no issues but internet exploring became unusable with the browser repeatedly reporting errors. Fortunately this user had a system image backup which was used to re-install the system - after which everything worked OK again.
Thank you one more time for your help!!!!
You are so kind!
But I don't know how to do that and have a backup!
I think it's difficult.
And when this friend of mine looked at the programs that are running and will run in the next install of my laptop, he did not see anything! Can it be somewhere where I cannot see it?
Well, when I downloaded these files I had only ESET NOD32 antivirus!
But yesterday I downloaded Malwarebytes and CCleaner!
Because i wanted to be sure.