Solved

Orphaned .dlls in Windows 2000

Posted on 2003-10-31
11
1,053 Views
Last Modified: 2010-04-13
Hi everybody-

Has anyone found a way to seek and destroy orphaned .dlls?  In my searches, I found one authored by a Kevin Solway, but it was for pre-Windows 2000.  Each morning when I log on, I get "Error finding C:\Program Files\commonName\Toolbar\CNBabe.dll .  Cannot find module specified"
I have a feeling this is the remnant of some sort of spyware, since it popped up when I ran my Ad-Aware program http://www.lavasoftusa.com/software/adaware/ .   Any ideas here?
0
Comment
Question by:jzgy12
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 44

Accepted Solution

by:
CrazyOne earned 125 total points
ID: 9660163
Well first get one of these free utilities

MSCONFIG for Win 2000
http://www.insideproject.com/showguide.cfm?guideid=31
http://www.insideproject.com/downloads/msconfig2k/msconfig.zip

StartupCop
http://web.zdnet.com/pcmag/pctech/content/18/08/ut1808.007.html

StartStop
http://www.tfi-technology.com/downloads.htm

AutoRuns
http://www.sysinternals.com/ntw2k/source/misc.shtml#autoruns

Startup Control Panel
http://www.mlin.net/StartupCPL.shtml
and
StartupMonitor
http://www.mlin.net/StartupMonitor.shtml

then

Open up what you download
and find Startup lis
unckeck all the items.

If the problem no longer persists then one of the items in the starup is the culprit you just need to track it down.
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9660179
Also use one of these as well. I would recommend Hijack This because it may find something to do with the DLL in the registry

Check for adware and sypware

spybot here
http://spybot.safer-networking.de/
Download
http://spybot.safer-networking.de/index.php?lang=en&page=download

AdAware
http://www.lavasoftusa.com/

Spycop:
http://www.spycop.com/

BHODemon and Hijack This and Browser Hijack Blaster
http://www.spywareinfo.com/downloads.php?cat=sp#det
BHODemon | Think of BHODemon as a guardian for your Internet browser: it protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. This program is my choice for BHO detection and is highly recommended.

Browser Hijack Blaster | Running silently in the background, Browser Hijack Blaster only springs into action when an attempt is made. It watches and protects the following items: IE Homepage, IE Default Page, IE Search Page, BHOs. Whenver one of the above items is changed, or a BHO is added, you are immediately provided with information on the item, along with the option to keep the change, or revert to your previous settings.

Hijack This | Written by a member of our support forums and based on our Hijacked! article, this program scans the locations in your computer system that may be modified by browser hijackers and fixes any problems found. An easy-to-understand tutorial is available at TomCoyote.org.

General and overall information about Spy/Adware
http://www.cexx.org/adware.htm
0
 

Expert Comment

by:rziminski
ID: 9660180
go to run sysedit
check your system.ini, win.ini for any mention of the dll and remove it the config.sys and autoexec.bat should be blank

Rick
0
 
LVL 20

Expert Comment

by:Dufo G. Belski
ID: 9660205
To answer your general question about deleting orphaned dll's, there are a few utilities here that will find them for you:

http://www.donker.ws/
0
 

Author Comment

by:jzgy12
ID: 9660474
thanks, I'll check it out..
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 8

Expert Comment

by:nader alkahtani
ID: 9660966
Try this :

Well, cnBabe.dll is part of a Spyware application (it transmits data from
your computer to other computers so they can collect information about you).
If you'd like to get rid of the message, here's a way to do it...
---------------------------------------------------------
Go to Start > Run, and type in "msconfig", click OK > Startup and look for
the entries for CommonName, CNBABE.EXE., cnform.exe, BabeIE.dll,
CNBarIE.dll.... if any of them are there, uncheck them, click OK, then
reboot.

If you don't find all of them there, click Ctrl\Alt\Del and look for them in
the window that appears, if you find any, highlight and End Task on them.
That will ensure they are not running prior to the scan.

Now go to your Add\Remove programs and look for CommonName and uninstall it.
If you happen to see any of those others above there delete them also.

Do a file search for w3k*.tmp and delete all that you find.

Run Adaware.

When it's done choose "mark all for removal"

IMPORTANT: Make sure that you choose to make a BACKUP before removing
anything.

Click "Continue" to remove the nasties.

When it is finished I would reboot and run Ad-aware again to make sure all
is gone.


http://www.thedibb.co.uk/forums/showthread/t-14221.html


0
 

Author Comment

by:jzgy12
ID: 9671106
thanks, everybody....I first followed CrazyOne's suggestion and downloaded MSconfig for W2k...I clicked on the startup tab and unchecked the appropriate entry like NADIR mentioned.  I'll check out the other links as well..

0
 
LVL 8

Expert Comment

by:nader alkahtani
ID: 9678192
Why didn't split the points ?
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9680900
0
 

Author Comment

by:jzgy12
ID: 9684202
Well, I didn't know I could split points to be quite honest.  I'm pretty new around here, I apologize..
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9684524
:)
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
A procedure for exporting installed hotfix details of remote computers using powershell
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now