Is this a Legit Systems File?
MSE traced a Trojan to C:\windows\system32\dpnaathlp.dll
Is this a legit file, or should I go ahead and delete it?
The problem is that dpnaathlp.dll is not showing up in System32
Instead I have dpnathlp.dll. But MSE has the Trojan listed at dpnaathlp.dll
The one visible in System32 has only 1 - a -
But the one with the Trojan has 2 - aa -. However, the one with the Trojan is not visible in System32
Can you guide me where to find it, or how to find it, so that I can rename it.
dpnathlp.dll is indeed a legit file, but dpnaathlp.dll is not, as stated. Did you enable hidden files and protected operating system files?
Open System32 folder> Organize> View tab> Tick Show hidden Files, Folders, and Drives> Untick Hide protected Operating System Files (Recommended) (It will ask if you are sure you want to do that, ok it).
See if you can see the dpnaathlp.dll now. Then proceed as zigzag3143 said. This may just be one of several files. Suggest scanning in safe mode with MalwareBytes.
Remember to change the view settings back to where they were> Untick show hidden Files, Folders, and Drives, and Retick Hide protected Operating System Files (Recommended)
A Guy
Edit: See my reply in the other post
DeviiceEject.exe
Last edited by A Guy; 16 May 2011 at 00:50. Reason: Added
Malware can disguise itself ... in this case, it's very close to a legit file, but it's not legit!
You could try the following:
Submit the file to VirusTotal and see what comes back.
VirusTotal - Free Online Virus, Malware and URL Scanner
D/L and run Process Explorer, this is something that will allow you to further investigate it.
Process Explorer
Note: If this fails to yield anything as to the nature of this file, I would be very suspicious of it and investigate when this file appeared, and try to determine which program you may have D/L ed at that time.
The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.
The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.
Last edited by Borg 386; 16 May 2011 at 14:09.
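Added example, not part of the original thread: a Python sketch that flags file names one edit away from an expected system file name, the dpnathlp.dll / dpnaathlp.dll pattern discussed above. The baseline list, the sample listing and all function names are constructed for illustration; a real baseline would come from a known-clean install of the same Windows version.

```python
import os

# Constructed baseline for this example (assumption): expected names in the folder.
KNOWN_GOOD = {"dpnathlp.dll", "dpnet.dll", "kernel32.dll", "user32.dll"}

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def find_lookalikes(names, known_good=KNOWN_GOOD, max_distance=1):
    """Return (name, resembles, distance) for names near, but not in, the baseline."""
    hits = []
    for name in names:
        low = name.lower()  # Windows file names are case-insensitive
        if low in known_good:
            continue
        for good in sorted(known_good):
            d = edit_distance(low, good)
            if 0 < d <= max_distance:
                hits.append((name, good, d))
    return hits

def scan_directory(path):
    """List a folder and check it; os.scandir also returns hidden and
    system files, which Explorer's default view does not show."""
    with os.scandir(path) as entries:
        return find_lookalikes([e.name for e in entries if e.is_file()])

# Constructed listing modelled on the file names in the thread.
SAMPLE = ["dpnathlp.dll", "dpnaathlp.dll", "dpnet.dll", "Kernel32.dll", "notepad.exe"]

if __name__ == "__main__":
    for name, good, d in find_lookalikes(SAMPLE):
        print(f"{name}: {d} edit(s) from {good}")
```

A hit only means the name resembles a baseline entry; whether the file is malicious still has to be confirmed with a scanner, as the posts above suggest.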