Windows 7 Forums



Windows 7: Is this a Legit Systems File?

15 May 2011   #1

Windows 7 professional 32 bit
 
 
Is this a Legit Systems File?

MSE traced a Trojan to C:\windows\system32\dpnaathlp.dll

Is this a legit file, or should I go ahead and delete it?


15 May 2011   #2

Win 8 Release candidate 8400
 
 

Quote: Originally Posted by Elixxir
MSE traced a Trojan to C:\windows\system32\dpnaathlp.dll

Is this a legit file, or should I go ahead and delete it?
Well, after 10 global searches, including Google, not one legit mention. I would at least rename it to dpnaathlp.bak so it can't load and see if anything complains.
16 May 2011   #3

Windows 7 professional 32 bit
 
 

Quote: Originally Posted by zigzag3143
Quote: Originally Posted by Elixxir
MSE traced a Trojan to C:\windows\system32\dpnaathlp.dll

Is this a legit file, or should I go ahead and delete it?
Well, after 10 global searches, including Google, not one legit mention. I would at least rename it to dpnaathlp.bak so it can't load and see if anything complains.

The problem is that dpnaathlp.dll is not showing up in System32.

Instead I have dpnathlp.dll. But MSE has the Trojan listed at dpnaathlp.dll.

The one visible in System32 has only 1 - a -
But the one with the Trojan has 2 - aa -. However, the one with the Trojan is not visible in System32.

Can you guide me where to find it, or how to find it, so that I can rename it?


16 May 2011   #4

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 

dpnathlp.dll is indeed a legit file, but dpnaathlp.dll is not, as stated. Did you enable hidden files and protected operating system files?

Open System32 folder> Organize> View tab> Tick Show hidden Files, Folders, and Drives> Untick Hide protected Operating System Files (Recommended) (It will ask if you are sure you want to do that, ok it).


See if you can see the dpnaathlp.dll now. Then proceed as zigzag3143 said. This may just be one of several files. Suggest scanning in safe mode with MalwareBytes.

Remember to change the view settings back to where they were> Untick show hidden Files, Folders, and Drives, and Retick Hide protected Operating System Files (Recommended)

A Guy

Edit: See my reply in the other post

DeviiceEject.exe


16 May 2011   #5
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Malware can disguise itself ... in this case, it's very close to a legit file, but it's not legit!
16 May 2011   #6

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

You could try the following:

Submit the file to VirusTotal and see what comes back.

VirusTotal - Free Online Virus, Malware and URL Scanner

D/L and run Process Explorer, this is something that will allow you to further investigate it.

Process Explorer

Quote:
The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.
The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.
Note: If this fails to yield anything as to the nature of this file, I would be very suspicious of it and investigate when this file appeared, and try to determine which program you may have D/L'ed at that time.
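
The checks suggested across this thread (showing hidden and protected files, getting a verdict from VirusTotal, finding which process has the DLL loaded, and dating when the file appeared) can be scripted. The following is an added example, not part of any forum post; it assumes PowerShell 4.0 or later run as administrator, and the helper name Get-EditDistance and the distance threshold of 2 are choices made for this example.

```powershell
# Added example, not from the thread. Assumes PowerShell 4.0+ run as administrator.
$dir      = Join-Path $env:windir 'System32'
$expected = 'dpnathlp.dll'   # the legitimate name, per the thread

# Classic Levenshtein edit distance, two-row form (helper name is this example's own).
function Get-EditDistance([string]$a, [string]$b) {
    $prev = @(0..$b.Length)
    for ($i = 1; $i -le $a.Length; $i++) {
        $cur = New-Object int[] ($b.Length + 1)
        $cur[0] = $i
        for ($j = 1; $j -le $b.Length; $j++) {
            $cost = [int]($a[$i - 1] -ne $b[$j - 1])
            $best = [Math]::Min($prev[$j] + 1, $cur[$j - 1] + 1)
            $cur[$j] = [Math]::Min($best, $prev[$j - 1] + $cost)
        }
        $prev = $cur
    }
    $prev[$b.Length]
}

# -Force lists hidden and protected system files that Explorer hides by default.
$lookalikes = Get-ChildItem -LiteralPath $dir -Filter '*.dll' -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $d = Get-EditDistance $_.Name.ToLower() $expected
        $d -ge 1 -and $d -le 2   # close to the real name, but not the real name
    }

foreach ($f in $lookalikes) {
    $path = $f.FullName
    # Which running processes have the DLL mapped (what Process Explorer's DLL search shows).
    $loadedBy = Get-Process | Where-Object {
        try   { @($_.Modules | Where-Object { $_.FileName -eq $path }).Count -gt 0 }
        catch { $false }   # protected processes refuse module enumeration
    } | ForEach-Object { '{0} (PID {1})' -f $_.ProcessName, $_.Id }

    [pscustomobject]@{
        Path       = $path
        Attributes = $f.Attributes      # Hidden/System flags explain an "invisible" file
        Created    = $f.CreationTime    # helps date when the file appeared
        SHA256     = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        LoadedBy   = $loadedBy -join ', '
    }
}
```

The SHA256 value can be searched on VirusTotal directly, without uploading the file.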