How does spyware execute if it's a .dll file?


4 replies to this topic

#1 lenell86

  • Member
  • Full Member
  • 31 posts

Posted 06 February 2007 - 03:50 PM

I ran into an issue where a spyware would just plainly infect the system from a rpcc.dll file in the system32 folder of winnt... How does it execute if it's not an exe file? I got rid of it, though, by doing The Avenger and doing a script to delete it. I just wanted to know how .dll files execute and cause havoc...

#2 cnm

  • Mother Lion of SWI
  • Retired Staff
  • 25,317 posts

Posted 06 February 2007 - 03:55 PM

The usual way is for rundll32.exe to run it.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#3 lenell86

  • Member
  • Full Member
  • 31 posts

Posted 06 February 2007 - 03:58 PM

The usual way is for rundll32.exe to run it.


So you're saying even if I highlight or just single-click on a dll file, Windows automatically uses rundll32.exe to execute them?

#4 jedi

  • aequam memento rebus in arduis servare mentem
  • Retired Staff
  • 15,830 posts

Posted 06 February 2007 - 04:37 PM

Here's an example:


O4 - HKLM\..\Run: [Desktop] C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\NTService32.dll" ,Run
jedi


#5 cnm

  • Mother Lion of SWI
  • Retired Staff
  • 25,317 posts

Posted 06 February 2007 - 06:12 PM


The usual way is for rundll32.exe to run it.


So you're saying even if I highlight or just single-click on a dll file, Windows automatically uses rundll32.exe to execute them?

No, something has to start rundll32.exe, as in the example jedi gives above, where a registry entry causes it to be started along with Windows.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE
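
Added example, not part of the original posts: a Python parser that picks the rundll32 autostart entries out of HijackThis O4 lines like the one jedi quotes and reports which DLL and export each entry starts. Apart from jedi's line, the sample log lines and their file names are constructed.

```python
import re

# HijackThis O4 registry autostart line: O4 - <key>: [<value name>] <command>
O4_RE = re.compile(r'^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')

# rundll32 command line: rundll32[.exe] <dll>,<export> [args]; the DLL path may be quoted
RUNDLL_RE = re.compile(
    r'^"?(?P<host>[^"]*?\brundll32(?:\.exe)?)"?\s+'
    r'(?:"(?P<qdll>[^"]+)"|(?P<dll>[^\s,"]+))'
    r'\s*,\s*(?P<export>[^\s,]+)(?:\s+(?P<args>.*))?$',
    re.IGNORECASE,
)

def rundll32_autostarts(log_lines):
    """Return one dict per O4 entry whose command starts a DLL through rundll32."""
    hits = []
    for line in log_lines:
        entry = O4_RE.match(line.strip())
        if not entry:
            continue  # not a registry autostart line
        cmd = RUNDLL_RE.match(entry['cmd'].strip())
        if not cmd:
            continue  # autostart entry that runs an ordinary program
        hits.append({
            'key': entry['key'],            # registry key that triggers the launch
            'name': entry['name'],          # value name under that key
            'dll': cmd['qdll'] or cmd['dll'],
            'export': cmd['export'],        # function rundll32 calls inside the DLL
            'args': cmd['args'],            # None when nothing follows the export
        })
    return hits

SAMPLE_LOG = [
    # The line quoted in post #4
    r'O4 - HKLM\..\Run: [Desktop] C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\NTService32.dll" ,Run',
    # Constructed lines: an unquoted DLL path with an argument, and a plain .exe
    r'O4 - HKCU\..\Run: [Example] rundll32 C:\WINDOWS\system32\example.dll,EntryPoint /s',
    r'O4 - HKLM\..\Run: [Updater] C:\Program Files\Example\updater.exe /background',
]

if __name__ == '__main__':
    for hit in rundll32_autostarts(SAMPLE_LOG):
        print(f"{hit['key']} [{hit['name']}] -> {hit['dll']} export {hit['export']}")
```

An unquoted DLL path that contains spaces is not matched by this pattern, so such entries need to be checked by hand.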



