View Full Version : Suspect dll files



rumpty
05-04-2010, 04:29 PM
Does anyone know about 74m.dll and bs.dll that are in my c:\windows folder?

A bit of research suggests that they are dodgy, but they have been there for years (inspected some old images) and as far as I know nothing strange has happened to the OS.

Sweep
05-04-2010, 05:00 PM
Interesting you ask that one. I used to have an Excel spreadsheet with passwords and renamed to xxxxxx.dll in a Windows directory.

Another person had moved all her music files into Windows so Dad did not know what she downloaded.

Back when I was using MSDos 3.3 I renamed the format command.

Speedy Gonzales
05-04-2010, 05:43 PM
Scan them or scan the whole hdd

rumpty
05-04-2010, 06:13 PM
Scan them or scan the whole hdd

I have scanned them with Malware Bytes, Ad-aware, and Cureit, but none of them complained about these files. They don't ring any bells with you Speedy?

Speedy Gonzales
05-04-2010, 06:18 PM
Scan it with a real AV program. I've never heard of those files

Sweep
05-04-2010, 06:37 PM
I have scanned them with Malware Bytes, Ad-aware, and Cureit, but none of them complained about these files. They don't ring any bells with you Speedy?

So what leads you to believe the said files are dodgy?

rumpty
05-04-2010, 07:22 PM
So what leads you to believe the said files are dodgy?

Looking them up in Google.

Speedy Gonzales
05-04-2010, 07:24 PM
What version of windows is it?

Sweep
05-04-2010, 07:25 PM
Looking them up in Google.

Yep. But why look up only those two?

KarameaDave
05-04-2010, 07:49 PM
Run this and see what it says.

http://portableapps.com/apps/utilities/spydllremover_portable

rumpty
05-04-2010, 07:52 PM
What version of windows is it?

XPSP3

Speedy Gonzales
05-04-2010, 08:07 PM
Add something like .old at the end of them. See if anything complains. They're not Windows files

rumpty
05-04-2010, 08:19 PM
Add something like .old at the end of them. See if anything complains. They're not Windows files

As a rule there are hardly any dll files in the root of Windows, so I thought they were suspicious. I've moved them out for now.

rumpty
05-04-2010, 08:34 PM
SpyDLLRemover didn't find them suspicious. No worries, I guess. Thanks for your help everyone.

Agent_24
06-04-2010, 02:54 AM
Upload them to www.virustotal.com

rumpty
06-04-2010, 03:24 PM
Upload them to www.virustotal.com

Hey, that's a great service at that site.

They didn't find anything much - a 5% possibility of being infected, if I read the report correctly.

Pancake
06-04-2010, 04:39 PM
bs.dll; 74m.dll are parts of a Trojan Dropper

rumpty
06-04-2010, 09:10 PM
bs.dll; 74m.dll are parts of a Trojan Dropper

That's what I thought after checking them in Google, but no scanning program that I have tried so far said they are bad. Anyway, they are deleted now.

Ollie
06-04-2010, 09:36 PM
.dlls are harmless alone. I wouldn't worry about it if you can delete it successfully

Agent_24
06-04-2010, 10:37 PM
Hey, that's a great service at that site.

They didn't find anything much - a 5% possibility of being infected, if I read the report correctly.

Virustotal scans the files you upload by many different Antivirus programs.

It then tells you what each one detected, if anything.

5% means that 5% of the AVs that were used, reported the files as a virus.

You need to find the name of the malware that the files were detected as, and research it to see if it's bad.

You don't happen to still have a link to the analysis page?

rumpty
07-04-2010, 11:35 AM
Virustotal scans the files you upload by many different Antivirus programs.

It then tells you what each one detected, if anything.

5% means that 5% of the AVs that were used, reported the files as a virus.

You need to find the name of the malware that the files were detected as, and research it to see if it's bad.

You don't happen to still have a link to the analysis page?

Here are the links:
74m.dll http://www.virustotal.com/reanalisis.html?b89789ff8a6916698f2131655380ef158b2d5ffa449b90bf80251d2b250ad73f-1270596247

bs.dll http://www.virustotal.com/reanalisis.html?f9db2868b21cb2217fd9f58227dbc5da48e862d06f5155500384f5461edce72d-1270596771

Agent_24
07-04-2010, 09:05 PM
Ah too bad, they're expired...
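
Added example, not part of the original thread: a read-only PowerShell triage of the checks discussed above (DLLs sitting directly in the Windows folder, then a lookup on a multi-engine scanner). It assumes PowerShell 4.0 or later, so it will not run as-is on a stock XP SP3 install; the `$Root` parameter and the output columns are choices made for this example.

```powershell
# Added example: list DLLs located directly in the Windows root folder and
# collect what is needed to judge them. Read-only: nothing is renamed,
# moved or deleted.
param(
    [string]$Root = $env:windir   # e.g. C:\Windows (assumed default)
)

$results = Get-ChildItem -LiteralPath $Root -Filter *.dll -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Authenticode status: Valid, NotSigned, HashMismatch, ...
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        # SHA-256 lets you search a scanning service by hash, so the result
        # can be found again even after an analysis link has expired.
        $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256
        $ver  = $_.VersionInfo

        [pscustomobject]@{
            Name        = $_.Name
            Created     = $_.CreationTime
            Modified    = $_.LastWriteTime
            SizeBytes   = $_.Length
            Company     = $ver.CompanyName
            Description = $ver.FileDescription
            Signature   = $sig.Status
            Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            SHA256      = $hash.Hash
        }
    }

# Show unsigned files and files without vendor metadata first; these are the
# ones worth checking by hash before deciding what to do with them.
$results |
    Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } },
                @{ Expression = { [bool]$_.Company } },
                Name |
    Format-Table Name, Signature, Company, Modified, SHA256 -AutoSize -Wrap
```

An unsigned DLL with empty version fields is not proof of malware, and a clean scan is not proof of safety; the hash and the detection names reported for it are what to research further.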