Is this a Legit Systems File?

[Elixxir]

MSE traced a Trojan to C:\windows\system32\dpnaathlp.dll

Is this a legit file, or should I go ahead and delete it?

 

[zigzag3143]

MSE traced a Trojan to C:\windows\system32\dpnaathlp.dll

Is this a legit file, or should I go ahead and delete it?

Well after 10 global searches including google not one legit mention. I would at least rename it to dpnaathlp.bak so it cant load and see if anything complains.

 

[Elixxir]

MSE traced a Trojan to C:\windows\system32\dpnaathlp.dll

Is this a legit file, or should I go ahead and delete it?

Well after 10 global searches including google not one legit mention. I would at least rename it to dpnaathlp.bak so it cant load and see if anything complains.

The problem is that dpnaathlp.dll is not showing up in System32

Instead I have dpnathlp.dll. But MSE has the Trojan listed at dpnaathlp.dll

The one visible in System32 has only 1 - a -
But the with Trojan has 2 - aa -. However, the one with the Trojan is not visible in System32

Can you guide me where to find it, or how to find it, so that I can rename it.

 

[A Guy]

dpnathlp.dll is indeed a legit file, but dpnaathlp.dll is not, as stated. Did you enable hidden files and protected operating system files?

Open System32 folder> Organize> View tab> Tick Show hidden Files, Folders, and Drives> Untick Hide protected Operating System Files (Recommended) (It will ask if you are sure you want to do that, ok it).



See if you can see the dpnaathlp.dll now. Then proceed as zigzag3143 said. This may just be one of several files. Suggest scanning in safe mode with MalwareBytes.

Remember to change the view settings back to where they were> Untick show hidden Files, Folders, and Drives, and Retick Hide protected Operating System Files (Recommended)

A Guy

Edit: See my reply in the other post

http://www.sevenforums.com/system-security/163468-deviiceeject-exe.html

 

[Jacee]

Malware can disguise itself ... in this case, it's very close to a legit file, but it's not legit!

 

[Borg 386]

You could try the following:

Submit the file to VirusTotal and see what comes back.

VirusTotal - Free Online Virus, Malware and URL Scanner

D/L and run Process Explorer, this is something that will allow you to further investigate it.

Process Explorer

The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.
The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.

Note: If this fails to yield anything as to the nature of this file, I would be very suspicious of it and investigate when this file appeared, and try to determine which program you may have D/L ed at that time.