ClamWin Free Antivirus
Support and Discussion Forums
Question about Infected System Files
feuerrabe


Joined: 31 Jul 2009
Posts: 2
I apologize if there is an answer to my question somewhere on the page already, but I couldn't find anything, so I decided to ask here.

I have used ClamWin for the first time today and it found a virus. I ran it through the scanner at jotti to confirm it is indeed an infection, but now I am at a loss what to do with the infected file. It's a system file, dll to be specific. I can't just delete it, can I? Any advice, do I need professional help with this?

This is the ClamWin Scan Report:

C:\WINDOWS\system32\dll32.exe: Worm.Koobface-21 FOUND

Thank you in advance for any answers!
GuitarBob


Joined: 09 Jul 2006
Posts: 4905
Location: USA
You can go beyond a scan on Jotti or VirusTotal if you want more information about a file. Here's what I found by Googling the filename: http://www.liutilities.com/products/wintaskspro/processlibrary/dll32/ on the web. It's a process that is registered as a backdoor, so it's bad.

If you have an MD5 file hasher program, you can do a file hash on a file, and then Google the hash--a standard easy technique for a virus researcher. If it's bad, you will frequently see a reference to it--often on Threat Report. Come to think of it, Jotti will give you the MD5 hash for a file after it's scanned. Look for it.

Looking at the date can sometimes also tell you something--when it was placed on your computer. I've looked at some virus files in Windows Properties (right click in Windows Explorer) and seen them modified before they were created!

As to what to do, you've got a lot of options. You can set ClamWin to Quarantine or Remove and do a scan--just on that file, but be sure to set it back to Report Only after the scan. You can delete the file manually by right-clicking on it in Windows Explorer. You could even also rename it (say dll.dll.infected), and keep it around for your collection somewhere!

That file name is very suspicious, so you can probably delete it without any problem. Set a system restore point before you do, however, just in case.

Regards,
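The hash-and-date check GuitarBob describes above, as an added example that is not part of the original posts: it computes the MD5 to search for (plus SHA-256, an addition here) and flags a modified time that predates the creation time. The function names and the two-second tolerance are assumptions made for this example.

```python
import hashlib
import os
import sys
from datetime import datetime, timezone


def file_hashes(path, chunk_size=1 << 20):
    """Stream the file once and return its MD5 and SHA-256 as hex strings."""
    md5 = hashlib.md5(usedforsecurity=False)  # lookup key only, not a security control
    sha256 = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def creation_time(st):
    """Return the creation timestamp from an os.stat result, or None if unknown."""
    birth = getattr(st, "st_birthtime", None)  # Windows (Python 3.12+), macOS, BSD
    if birth is None and os.name == "nt":
        birth = st.st_ctime  # older Python on Windows stores creation time here
    return birth  # Linux st_ctime is metadata-change time, so it is not used


def modified_before_created(created, modified, tolerance=2.0):
    """True when the modified time predates creation by more than tolerance seconds."""
    # A plain copy also produces this pattern on Windows (new creation time,
    # preserved modified time), so treat a hit as a lead, not as proof.
    return created is not None and modified + tolerance < created


def triage(path):
    """Collect the facts worth looking up for one file, without executing it."""
    st = os.stat(path)
    created = creation_time(st)
    report = {"path": os.path.abspath(path), "size": st.st_size,
              "created": created, "modified": st.st_mtime}
    report.update(file_hashes(path))
    report["modified_before_created"] = modified_before_created(created, st.st_mtime)
    return report


if __name__ == "__main__" and len(sys.argv) > 1:
    for key, value in triage(sys.argv[1]).items():
        if key in ("created", "modified") and value is not None:
            value = datetime.fromtimestamp(value, timezone.utc).isoformat()
        print(f"{key}: {value}")
```

Run it with the path of the reported file as the only argument and search for the printed hash.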
feuerrabe


Joined: 31 Jul 2009
Posts: 2
Thank you so much for your answer! I have deleted the file and I'm going to do some more scans now.
Kim456


Joined: 14 Jan 2022
Posts: 1
I am very interested in this discussion. I have many important files on my computer and I do not want to lose them because of a virus. What type of antivirus protection would you recommend? I am a freelance writer and currently, I am working for http://essay-on-line.com/ I don't want to risk my good reputation and lose a well-paid job.
GuitarBob


Joined: 09 Jul 2006
Posts: 4905
Location: USA
I would recommend ClamWin, but it is not a real-time scanner, plus the signatures we get from the Clam AV Project (owned by Cisco) are not enough protection. So I'll recommend Microsoft Defender. You can't go wrong with it--no other AV has the resources behind it that Defender has. If there is a problem, they fix it fast, and they do not have to tack anything on it to get additional revenue (like Norton, Avira and many others). Plus it's simple and easy to use.

That's my best recommendation!

Regards,