Trying to find a malware dll

Using Procmon, how do I find setup_0a.dll?

A simple newbie question: can a .txt file be infected with malware?
rebelscum0000 asked:
 
Sudeep Sharma (Technical Designer) commented:
Using ProcMon (Process Monitor), press Ctrl+H or click on Filter --> Highlight. It would open a new window.

In this window, in the first drop-down select "Process Name", in the second drop-down "is", in the third "setup_0a.dll" and in the fourth "include". Click on Add and then click on OK; now whenever "setup_0a.dll" is used or invoked, you would see it in ProcMon in a different color or highlighted.

Sudeep
0
 
HawyLem commented:
Everything can be infected with malware, particularly with a shell exploit (malicious artifact code that would exploit the editor/reader of the file). But in the specific case of a txt file, this would be very rare, due to the low complexity of the Notepad application too.

Using Procmon, you can double-click and show properties for an executable image and list its DLL modules.
0
 
edbedb commented:
Try finding it in regedit or with Process Explorer.
http://technet.microsoft.com/en-us/sysinternals/bb896653
0
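
Added example, not part of any post in this thread: a Python sketch that searches a Procmon trace saved as CSV for events touching setup_0a.dll and reports which processes loaded it as an image. The sample rows, paths and PIDs are constructed, and the column names assume Procmon's default CSV export columns.

```python
import csv
import io
from collections import defaultdict

TARGET = "setup_0a.dll"  # file name taken from the question

# Constructed sample rows in the layout of a default Procmon CSV export.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1000000 AM","rundll32.exe","4321","CreateFile","C:\Users\test\AppData\Local\Temp\setup_0a.dll","SUCCESS","Desired Access: Read Data"
"10:01:02.2000000 AM","rundll32.exe","4321","Load Image","C:\Users\test\AppData\Local\Temp\setup_0a.dll","SUCCESS","Image Base: 0x10000000"
"10:01:03.0000000 AM","explorer.exe","1500","QueryOpen","C:\Windows\System32\SETUP_0A.DLL","NAME NOT FOUND",""
"10:01:04.0000000 AM","notepad.exe","2222","Load Image","C:\Windows\System32\ntdll.dll","SUCCESS","Image Base: 0x77000000"
"10:01:05.0000000 AM","cmd.exe","3333","ReadFile","C:\Temp\setup_0a.dll.bak","SUCCESS","Offset: 0"
'''


def find_dll_events(csv_text, dll_name=TARGET):
    """Return rows whose Path has dll_name as its file name (case-insensitive)."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        path = row.get("Path") or ""
        # Compare only the last path component so "setup_0a.dll.bak" is skipped.
        base = path.replace("/", "\\").rsplit("\\", 1)[-1]
        if base.lower() == dll_name.lower():
            hits.append(row)
    return hits


def loaders(events):
    """Map (process name, PID) to the paths it successfully mapped as an image."""
    found = defaultdict(set)
    for e in events:
        if e["Operation"] == "Load Image" and e["Result"] == "SUCCESS":
            found[(e["Process Name"], e["PID"])].add(e["Path"])
    return {proc: sorted(paths) for proc, paths in found.items()}


if __name__ == "__main__":
    # For a real export, open the file with encoding="utf-8-sig" to tolerate a BOM.
    events = find_dll_events(SAMPLE_CSV)
    for e in events:
        print(e["Time of Day"], e["Process Name"], e["PID"], e["Operation"], e["Result"], e["Path"])
    for (name, pid), paths in loaders(events).items():
        print(f"loaded by {name} (PID {pid}): {paths}")
```

The full path reported for each hit is what to check next in regedit or Process Explorer, as suggested in the thread.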