Solved

pwdmon.dll

Posted on 2006-11-28
8
2,753 Views
Last Modified: 2011-10-03
I found this dll in the system32 folder: pwdmon.dll.  It also has an entry in the Notification Packages key of  HKLM\SYSTEM\CurrentControlSet\Control\Lsa .  I can't find any information on this dll.  Can anyone shed some light on its purpose and where it comes from?
0
Comment
Question by:dhenderson12
8 Comments
 
LVL 2

Expert Comment

by:LanBuddha
ID: 18033311
That is a registry key for windows security.

I am not sure what the file does but if you right click on the file and look at the properties you should be able to find out the manufacturer if it is legit. Some information about it should be found in the properties.
0
 

Author Comment

by:dhenderson12
ID: 18040057
Thanks for the reply.  There are NO values listed in the properties of this file ... none.
0
 
LVL 2

Expert Comment

by:LanBuddha
ID: 18040488
Look at the creation date. Did you install anything on that date? I would be very suspicious of the file. Maybe save your registry and then remove the key and see what happens. What other processes are running? Or just try renaming the file and see if a program complains. Do you have anything like a finger print reader on your computer?

Search Google for Rootkit analyzer and see if that DLL is hooking your keyboard or something..
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 2

Expert Comment

by:score_under
ID: 18040796
You could assume that it is spyware or adware, or possibly a component for some obscure program, because I have a virus-free laptop and the file does not exist on it. I am running xp(pro)sp2.
0
 
LVL 12

Expert Comment

by:kneH
ID: 18044208
What I usually do with files like these is the following:
- Create a backupcopy of the file and place it somewhere easy to acces from the command line (eg the c:\ root)
- Then rename the file in the system32 dir. Will it allow it? If not it is in use.
- if you cannot rename the file.. boot into safemode and try then
- if you can rename it that's cool. Now delete it. Does windows put it back?
- if so it might be a system file.
- after you've renamed it test your system for a while. Does it give any errors anywhere?

hope that'll help somewhat.


0
 
LVL 27

Expert Comment

by:Tolomir
ID: 18199523
I've found this: http://www.brightstrand.com/simple.html

It uses a pwdmon program.

Tolomir
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 18400686
PAQed with no points refunded (of 125)

Computer101
EE Admin
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now