Help on possible infection with "GDIPLUS.DLL"

jana used Ask the Experts™
I've run my malware utilitie ("Malwarebytes") and the result came back with a file named  "GDIPLUS.DLL" that was read as infected (see attatched).

gdiplus.dll seems to be part of utilities I downloaded sometime back:

              Angry IP.exe

Both these apps were recommended by EE in one of our questions.

My question is:

              1.  How can I know that  "GDIPLUS.DLL" is freally bad?
              2.  Malwarebytes indicated the gdiplus.dll  in C:\Windows\System32 is
                   also bad, should I click "remove" on the software to clean it?
              3.  Is it safe to click "Remove" on Malwarebytes and not have my Windows
                   affected performance wise?

FYI:  I have Windows 7 Pro

I know gdiplus.dll contains libraries for the GDI graphics interface, so this being confusing, how can make sure that my PC is rid of the "PUP.Malware.Tool", "Malware.Packer.Gen", "PUP.Malware.Tool" and "Trojan.DNSChanger".

Files Infected:
C:\Program Files\IP Scanners\Angry IP.exe (PUP.Malware.Tool) -> No action taken.
C:\Program Files\MDIConvertor\gdiplus.dll (Malware.Packer.Gen) -> No action taken.
C:\Windows\System32\GDIPLUS.DLL (Malware.Packer.Gen) -> No action taken.
C:\Users\Username\Documents\\Downloads\Angry IP.exe (PUP.Malware.Tool) -> No action taken.
C:\Program Files\Network Monitor\NetShareMonitor.exe (Trojan.DNSChanger) -> No action taken.

Open in new window

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
If you are not experiencing any problems it maybe safe to ignore. You can be sure by submitting the file to different websites for them to check it:
In your arsenal you should have a few more programs.  Malwarebytes is strong but each program has a strength the other doesnt.  Check these out and see if they come up with it.  

A-squared Emergency USB:



     I have not been experiencing any problems as to my knowledge.  Is there is a way to really find
     out if this file are infectef?

      I have Malwarebytes on the "Remove Selected" screen.  So you suggest to first submit the
       "GDIPLUS.DLL" and wait for thier response?


    I used Spybot and it didn't detected.  However you suggestion doesn't help on my
    question.  What should I do?

In essence, how can I know that this file is really infected???
Introduction to R

R is considered the predominant language for data scientist and statisticians. Learn how to use R for your own data science projects.

*** Hopeleonie ***IT Manager

San you run Hitman Pro?

Activate the 30 day trial and try to clean.
Did you try uploading the file to be scanned by those websites?




  C:\Program Files\IP Scanners\Angry IP.exe,
   said is "goodware".  
   didn't work, didn't submit.
   says "detected a virus", infected by not-a-virus:NetTool.Win32.Portscan.c


  C:\Program Files\MDIConvertor\gdiplus.dll
   says nothing, no message as infected, but does say it isn't
   didn't work, didn't submit.
   says "has not detected any viruses"


   says nothing, no message as infected, but does say it isn't
   didn't work, didn't submit.
   says "has not detected any viruses"


   C:\Program Files\Network Monitor\NetShareMonitor.exe
   says nothing, but places resukt "1" in red
   didn't work, didn't submit.
   says  "has not detected any viruses"

Whats the next step?
I would say your fine. Kaspersky is pretty reliable. Besides your not experiencing any symptoms.


Ok... any other observation prior closing the question?



Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial