Potential Virus? DLLTools.dll

(OP)
Hi,

We have 3 machines on which Panda has quarantined the file dlltools.dll as being a 'Generic Trojan'; however, when trying to find information regarding the file DLLTools.dll, I can't seem to find much at all.

I have found this...

http://www.prevx.com/avgraph/4_7/McAfee.html

http://www.prevx.com/filenames/X896815823989023816-X1/DLLTOOLS.DLL.html

Which is currently under review, so it isn't clear if this is a virus or not.

Does anyone know if this file is a virus and if so what it does?

Thanks,
1DMF.

"In complete darkness we are all the same, it is only our knowledge and wisdom that separates us, don't let your eyes deceive you."

"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!"

[link http://dance-music.org]Free Electronic Dance Music Download

RE: Potential Virus? DLLTools.dll

(OP)
To add to this, I just ran the Webroot AV on the computer where Panda had quarantined this DLLTools.dll file, and it now claims there is another virus on the computer:

Win32.Sefnit.Gen

However, it states it is in the Program Files (x86) folder under centrastage, which is some software put on our computers by the IT support company.

Is this a false positive or is this a virus?

Thanks,
1DMF

RE: Potential Virus? DLLTools.dll

If it's remote control software for your IT company (which I see it is after looking), it could have triggered a warning as malware.

I would not allow that to be deleted or quarantined.

For peace of mind, run TDSSKiller, Malwarebytes Anti-Malware and GMER. If all of those come back clean, I wouldn't worry.

RE: Potential Virus? DLLTools.dll

Can you look at the file properties and see the manufacturer / internal name / build etc.? Also try Dependency Walker http://www.dependencywalker.com/, I use it to see what DLL calls etc. a program / DLL makes.

Process Explorer http://technet.microsoft.com/en-us/sysinternals/bb896653 is also a helpful tool. I usually leave it in a DIR on the servers I maintain for reasons like this.

In Delphi there is a tool called Winsight, to see what executables are running, handles, hidden forms, internal exe / dll names etc., which is my favourite.

As said earlier, it could be an input hook for support.
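
The file-properties check suggested in the post above, as an added example that is not part of the original thread: a PowerShell function that reports the version resource (company, internal name, build), the Authenticode signature and the SHA256 of a file. The function name and both paths are assumptions; point them at a restored copy of the flagged DLL and at the vendor's install folder.

```powershell
# Added example (not from the thread). Collects the identity details a
# reviewer needs to judge a flagged file: version resource, signature, hash.
function Get-FileTriageInfo {
    [CmdletBinding()]
    param(
        # Accepts plain paths or FileInfo objects piped from Get-ChildItem.
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string]$Path
    )
    process {
        $item = Get-Item -LiteralPath $Path -ErrorAction Stop
        $ver  = $item.VersionInfo    # the fields shown in the file properties dialog
        $sig  = Get-AuthenticodeSignature -LiteralPath $item.FullName
        $hash = Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256

        # An unsigned file has no signer certificate, so guard the lookup.
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

        [pscustomobject]@{
            Path             = $item.FullName
            CompanyName      = $ver.CompanyName
            ProductName      = $ver.ProductName
            InternalName     = $ver.InternalName
            OriginalFilename = $ver.OriginalFilename
            FileVersion      = $ver.FileVersion
            SignatureStatus  = $sig.Status    # Valid, NotSigned, HashMismatch, ...
            Signer           = $signer
            SHA256           = $hash.Hash
            LastWriteTimeUtc = $item.LastWriteTimeUtc
        }
    }
}

# Placeholder paths (assumptions): substitute your own locations.
$flaggedCopy  = 'C:\Triage\DLLTools.dll'
$vendorFolder = 'C:\Path\To\VendorFolder'

if (Test-Path -LiteralPath $flaggedCopy) {
    Get-FileTriageInfo -Path $flaggedCopy | Format-List
}
if (Test-Path -LiteralPath $vendorFolder) {
    # List every binary in the folder that is not validly signed.
    Get-ChildItem -LiteralPath $vendorFolder -Recurse -File |
        Where-Object { $_.Extension -in '.dll', '.exe' } |
        Get-FileTriageInfo |
        Where-Object { $_.SignatureStatus -ne 'Valid' } |
        Format-Table Path, CompanyName, SignatureStatus, SHA256 -AutoSize
}
```

Comparing the SHA256 and signer across the affected machines and an unaffected one shows whether they all hold the same file.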

RE: Potential Virus? DLLTools.dll

(OP)
I've quarantined the DLLTools.dll and ignored the centrastage after liaising with the support company.

I have found this Webroot software to be a waste of time as it is throwing up too many false positives to be of any use.

I've not had a report from anyone with the quarantined DLLTools.dll that something has stopped functioning, so I think we are ok.

RE: Potential Virus? DLLTools.dll

Please follow instructions on the scans I mentioned for peace of mind. Getting second and third opinions on malware/infection status is the only way to feel comfortable. Any one given anti-virus or anti-malware program may miss a significant percent of malware. Therefore, you use different tools.

RE: Potential Virus? DLLTools.dll

(OP)
Sorry, I failed to mention we also run Malwarebytes as standard, which didn't find anything, well, apart from the group policy we have restricting staff from changing their screen saver from the corporate one, so only another false positive.

Kaspersky found nothing, neither did GMER!

I appreciate no single AV product is 100% and have found that MBAM isn't as good as it used to be!

RE: Potential Virus? DLLTools.dll

I am not at work, but my AV (F-Secure) quarantined a critical app that we use yesterday. I think that was the name it was giving. We have had this app for over 5 years so I am pretty confident it is OK. I submitted it as a false positive so will see what happens today.

RE: Potential Virus? DLLTools.dll

F-Secure has updated their definitions so my file is now detected as clean. I ran it through VirusTotal and Panda also calls my file clean.

You might check to see if Panda's latest def files are still flagging your file.

FYI, F-Secure was flagging my file as 'Gen:Variant.Barys.2063'. I don't know if that correlates with Panda's naming conventions at all.

RE: Potential Virus? DLLTools.dll

Quote:

MBAM isn't as good as it used to be!

I would say that might not be the case but rather that malware has gotten better, especially rootkits (ZeroAccess & TDSS). Removal tools are becoming more specialized and fragmented, so there's not "one big hammer" to crush everything that pops up.
