Dumprep1.exe, cannot remove

Discussion in 'ESET NOD32 Antivirus' started by Fontaine, Aug 13, 2008.

Thread Status:
Not open for further replies.
  1. Fontaine

    Fontaine Registered Member

    Joined: Jan 29, 2008
    Posts: 245
    ESET NOD32 detects "C:\Windows\System32:dumprep1.exe" but cannot clean it. It says it's probably a variant of Win32/Trojan. There isn't much on the net regarding this one, but I did locate the registry keys and removed them; however, it's still there when I scan.
    Important to note is that it's dumprep1.exe and not dumprep.exe, which is a valid Windows file.
    Using Vista as my OS.
    My computer has been acting real weird lately. After I log in, it sits on a black screen for about five minutes before finally booting. Never had this problem before.
    Any suggestions on how to remove it? I tried a few online scan programs and none of them picked it up.
     
  2. ASpace

    ASpace Guest

    If you use UAC you may need Admin privileges to access the System32 folder. Try to boot in Safe Mode, go to that folder and manually remove the file.

    If this doesn't help, use tools like Pocket Killbox or Unlocker (google them)
     
  3. Fontaine

    Fontaine Registered Member

    Thanks for the reply.
    I have admin priv. and tried to find the file in system32 but it wasn't there. Interesting that the location is system32:dumprep1.exe. Any idea why there is a colon in the path? Never seen that before.
     
  4. ASpace

    ASpace Guest

    Hi!

    At first I thought it was a typo (your colon). However, now you confirm there is a colon.

    This means there is a hidden alternate data stream (ADS) attached to the "System32" folder of Windows. More about them:
    http://en.wikipedia.org/wiki/Fork_(filesystem)

    You can use this tool (called ADS Spy) to search for and remove ADS
    http://www.bleepingcomputer.com/files/adsspy.php

    When you perform a full scan, at the end, use the program to remove the hidden ADS for dumprep1.exe
    Note! Run ADS Spy as administrator
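
The colon in the detection path is how Windows names a stream attached to a file or folder, and `dir /r` (cmd.exe, Vista and later) lists such streams. As an added example that is not part of the original thread, the Python below parses saved `dir /r` output and flags named streams attached to a directory or carrying an executable-looking name; the sample listing, its sizes and timestamps, and the function name are constructed for illustration, and the line layout is assumed to match the English-locale `dir /r` format.

```python
import re

# Constructed sample of `dir /r` output; not taken from the thread.
SAMPLE = r"""
 Directory of C:\Windows

08/13/2008  09:14 AM    <DIR>          System32
                                49,152 System32:dumprep1.exe:$DATA
08/13/2008  09:10 AM    <DIR>          Temp
08/12/2008  04:31 PM           312,004 setup.exe
                                    26 setup.exe:Zone.Identifier:$DATA
"""

# Normal entry: date, time, optional AM/PM, then <DIR> or a size, then the name.
ENTRY = re.compile(r"^\d\S*\s+\d\S*(?:\s+[AP]M)?\s+(<DIR>|[\d,.]+)\s+(.+)$")
# Stream line: indented size, then host:stream:$DATA.
STREAM = re.compile(r"^\s+([\d,.]+)\s+(.+):([^:]+):\$DATA\s*$")
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".ps1")

def find_suspicious_streams(dir_r_output):
    """Return (path, stream, size, reasons) for named streams worth a closer look."""
    findings, base, is_dir = [], "", {}
    for line in dir_r_output.splitlines():
        if line.strip().startswith("Directory of "):
            base = line.strip()[len("Directory of "):]
            continue
        m = ENTRY.match(line)
        if m:
            is_dir[m.group(2)] = m.group(1) == "<DIR>"
            continue
        m = STREAM.match(line)
        if not m:
            continue
        size, host, stream = m.groups()
        reasons = []
        if is_dir.get(host):
            reasons.append("stream attached to a directory")
        if stream.lower().endswith(EXEC_EXT):
            reasons.append("executable-looking stream name")
        if reasons:  # benign markers such as Zone.Identifier on a file are skipped
            size_bytes = int(re.sub(r"\D", "", size))
            findings.append((base + "\\" + host, stream, size_bytes, reasons))
    return findings

if __name__ == "__main__":
    for path, stream, size, reasons in find_suspicious_streams(SAMPLE):
        print(f"{path}:{stream} ({size} bytes): {', '.join(reasons)}")
```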
     