Solved

Trying to find a malware dll

Posted on 2011-02-11
3
348 Views
Last Modified: 2013-11-22
Using Procmon how do I found the setup_0a.dll?

A simple newbie question: a .txt file can be infected with malware?
0
Comment
Question by:rebelscum0000
3 Comments
 
LVL 4

Assisted Solution

by:HawyLem
HawyLem earned 150 total points
ID: 34875653
Everything can be infected with malware, particularly with a shell exploit (malicious artifact code that would exploit the editor/reader of the file). But in the specific case of a txt file, this would be very rare.. due to the low complexity of the notepad application too

Using Procmon you can double click and show properties for an executable image and list his DLLs modules
0
 
LVL 23

Assisted Solution

by:edbedb
edbedb earned 150 total points
ID: 34875717
Try finding it in regedit or with Process Explorer.
http://technet.microsoft.com/en-us/sysinternals/bb896653
0
 
LVL 29

Accepted Solution

by:
Sudeep Sharma earned 200 total points
ID: 34876190
Using ProcMon (Process Monitor) Press Ctrl+H or click on Filter --> Hightlight. It would open a new window.

In this window on first drop down select "Process Name" in second drop down "is" third "setup_0a.dll" and in fourth "include". Click on Add and then click on OK, how when ever the "setup_0a.dll" is used or invoked you would see it ProcMon in different color or highlighted.

Sudeep
tmp.JPG
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now