Dumprep1.exe, cannot remove

Discussion in 'ESET NOD32 Antivirus' started by Fontaine, Aug 13, 2008.

Thread Status:
Not open for further replies.
  1. Fontaine

    Fontaine Registered Member

    ESET NOD32 detects "C:\Windows\System32:dumprep1.exe" but cannot clean it. It says it's probably a variant of Win32/Trojan. There isn't much on the net regarding this one, but I did locate the registry keys and removed them; however, it's still there when I scan.
    Important to note is that it's dumprep1.exe and not dumprep.exe, which is a valid Windows file.
    Using Vista as my OS.
    My computer has been acting real weird lately. After I log in, it sits on a black screen for about five minutes before finally booting. Never had this problem before.
    Any suggestions on how to remove it? I tried a few online scan programs and none of them picked it up.
     
  2. ASpace

    ASpace Guest

    If you use UAC you may need Admin privileges to access the System32 folder. Try to boot in Safe Mode, go to that folder and manually remove the file.

    If this doesn't help, use tools like Pocket Killbox or Unlocker (google them)
     
  3. Fontaine

    Fontaine Registered Member

    Thanks for the reply.
    I have admin priv. and tried to find the file in system32 but it wasn't there. Interesting that the location is system32:dumprep1.exe. Any idea why there is a colon in the path? Never seen that before.
     
  4. ASpace

    ASpace Guest

    Hi!

    At first I thought it was a typo (your colon). However, now you confirm there is a colon.

    This means there is a hidden alternate data stream (ADS) attached to the "System32" folder of Windows. More about them:
    http://en.wikipedia.org/wiki/Fork_(filesystem)

    You can use this tool (called AdSpy) to search for and remove ADS
    http://www.bleepingcomputer.com/files/adsspy.php

    When you perform a full scan, at the end, use the program to remove the hidden ADS for dumprep1.exe
    Note! Run Adspy as administrator
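
The `folder:stream` syntax discussed in this thread can be checked without extra tools: `dir /r` (available on Vista and later) lists named streams under the entry they are attached to. The following is an added example, not part of the original thread; it parses a constructed, English-locale `dir /r` listing and flags named streams for review. The sample listing, the `find_streams` function and the flagging heuristic are assumptions made for illustration.

```python
import re

# Constructed sample of `dir /r` output (English locale); not taken from the thread.
SAMPLE_DIR_R = r"""
 Directory of C:\Windows

08/13/2008  09:14 AM    <DIR>          System32
                                 61,440 System32:dumprep1.exe:$DATA
08/13/2008  09:10 AM             9,216 notepad.exe
07/02/2008  11:30 AM             1,024 setup.log
                                     26 setup.log:Zone.Identifier:$DATA
"""

# Normal entry: date, time, then <DIR> or a size, then the name.
ENTRY = re.compile(r"^\d\d/\d\d/\d{4}\s+\d\d:\d\d\s+[AP]M\s+(<DIR>|[\d,]+)\s+(.+)$")
# Named stream: indented size, then host:stream:$DATA (no date or time).
STREAM = re.compile(r"^\s+([\d,]+)\s+(.+?):([^:]+):\$DATA$")
EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".com", ".sys")


def find_streams(listing):
    """Return one dict per named stream found in a `dir /r` listing."""
    is_dir = {}   # entry name -> True if it was listed as <DIR>
    found = []
    for line in listing.splitlines():
        m = ENTRY.match(line)
        if m:
            is_dir[m.group(2)] = (m.group(1) == "<DIR>")
            continue
        m = STREAM.match(line)
        if not m:
            continue
        size, host, stream = m.groups()
        on_dir = is_dir.get(host, False)
        found.append({
            "host": host,
            "stream": stream,
            "size": int(size.replace(",", "")),
            "host_is_dir": on_dir,
            # Heuristic (assumption): review any stream attached to a
            # directory or named like an executable.
            "suspicious": on_dir or stream.lower().endswith(EXECUTABLE_EXT),
        })
    return found


if __name__ == "__main__":
    for s in find_streams(SAMPLE_DIR_R):
        print(s)
```

On a live system the input would be the captured output of `dir /r` run from an elevated prompt in the parent folder (here `C:\Windows`); `Zone.Identifier` is the common benign stream Windows adds to downloaded files.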
     