Craig
asked on
Thousands of 0 kb .dll files???
I have worked on 2 computers in the last week (I do virus and spyware removal), one running Windows ME and another running Windows XP Home, and in both machines I found thousands of 0 kb .dll files in the \windows, \windows\system and \windows\system32 folders. On the WinME computer there were over 25,000 of them. Both were loaded with spyware and viruses.
I deleted them all with no visible problems encountered afterwards.
Does anybody have any idea what could be causing them?
I'm guessing some badly written spyware or virus.
ASKER
spiderfix - how do I gain access to the "c:\system volume information\_restore****" folder?
When I try from a command prompt, I get an "access denied" message.
Is it safe to delete items in the _restore folder?
That folder is not only hidden, its access is blocked for system protection against nefarious exploits.
When formatted NTFS, permissions are set by default allowing no one but the XP system restore routine
access. You can open access, but be sure to re-enable permissions on it after you're done in there.
In the command prompt type
cacls "c:\system volume information" /E /G username:F
Do your deleting and then re-enable permissions
cacls "c:\system volume information" /E /R username
Also the _restore****etc folder in there is a large character name so I find Windows Explorer
is an easier way to deal with navigating around in there. Ensure you have a visual on hiddens
in Windows Explorer. In Windows Explorer's menu
Tools
Folder Options...
View(tab)
check "Show hidden files and folders"
uncheck "Hide protected operating system files (Recommended)"
>>Is it safe to delete items in the _restore folder<<
Yes, they are just restore points. A bunch of folders named RP* and some files below that.
If you can't delete a file in there named *.log don't worry that is normal.
ASKER
Thank you for the information. I went into the folders and looked around, but didn't see anything unusual.
When system restore is turned off, do those restore points get removed, or does it just stop any new points from being created?
>>When system restore is turned off, do those restore points get removed<<
If you shut off system restore and reboot, the restore points are supposed to be deleted...
http://support.microsoft.com/default.aspx?scid=kb;en-us;q301224
...but what I have been seeing, as of late, is the more powerful spyware is manipulating the reboot deletion
within Windows and when you use cacls to access the system volume information folder you can plainly see
the restore points do in fact still exist. This little trick [spyware is enforcing] can obviously create a lot of havoc
with attempting to eradicate spyware with killer tools such as Ad-Aware, Spybot, Spy Sweeper, and Microsoft
AntiSpyware.
So one really needs to get into that _restore folder manually as a first step to delete the restore points on an infected system.
2 months ago Vx2 was the only spyware using this technique but other spyware companies have captured VX2's
little survive technique and they are now using the same technique. As a spyware killer I now use cacls as the
first step in eradication, it just saves a lot of wasted time when going for that spyware jugular first.
Hopefully XP's upcoming SP3 and IE7 will address this manipulation and allow AntiSpyware to run through the
O/S without having to worry about manually opening the system volume information folder.
In the end we will win against spyware even though it may seem they are ahead of us now. They are running out
of manipulations and when more of these XP weak points are patched we will be spending less time on eradication.
Death to spyware...long live the Internet!
ASKER
"Death to spyware...long live the Internet!"
I second that proposal!
However, if it weren't for all that spyware I would be out of work :)
Thank you for all the useful information.
Regards
>>Thank you for all the useful information<<
You're welcome.
>>However, if it weren't for all that spyware I would be out of work :)<<
Yes, we do make more money because of that stuff, it's a love-hate relationship.
1) A virus or spyware
2) A program had to create a .dll file and failed many times doing this job
3) A Windows internal error (opening or building .dll files)
This can be fixed by just running a virus/spyware detection and a Windows update, and checking out any program that may have caused this failure.
Regards
Artadj
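An added example (not from any poster in this thread): a Python script that lists the zero-byte .dll files in the folders named in the question, saves that list before anything is deleted, and groups the files by hour of last modification so a burst can be compared with when a suspect program was installed. The folder list and the function names are assumptions of this example.

```python
import os
from collections import Counter
from datetime import datetime, timezone

# Folders named in the question; adjust for the machine under examination.
DEFAULT_ROOTS = [r"C:\windows", r"C:\windows\system", r"C:\windows\system32"]

def find_empty_dlls(roots):
    """Return [(path, mtime)] for every 0-byte .dll directly inside each root."""
    hits = []
    for root in roots:
        try:
            entries = list(os.scandir(root))
        except OSError:
            continue  # missing folder or access denied: skip, keep going
        for entry in entries:
            if not entry.name.lower().endswith(".dll"):
                continue
            try:
                st = entry.stat(follow_symlinks=False)
                is_file = entry.is_file(follow_symlinks=False)
            except OSError:
                continue  # entry vanished or is unreadable
            if is_file and st.st_size == 0:
                hits.append((entry.path, st.st_mtime))
    return sorted(hits, key=lambda h: h[1])

def bursts_by_hour(hits):
    """Count empty DLLs per UTC hour of last modification, busiest first."""
    counts = Counter(
        datetime.fromtimestamp(mtime, tz=timezone.utc).strftime("%Y-%m-%d %H:00Z")
        for _, mtime in hits
    )
    return counts.most_common()

def write_inventory(hits, out_path):
    """Save the list before deletion so the cleanup can be reviewed later."""
    with open(out_path, "w", encoding="utf-8") as fh:
        for path, mtime in hits:
            stamp = datetime.fromtimestamp(mtime, tz=timezone.utc).isoformat()
            fh.write(f"{stamp}\t{path}\n")
    return len(hits)

if __name__ == "__main__":
    found = find_empty_dlls(DEFAULT_ROOTS)
    print(len(found), "zero-byte .dll files")
    for hour, n in bursts_by_hour(found)[:10]:
        print(hour, n)
```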