How can I know which DLL safe or unsafe ?

Discussion in 'other security issues & news' started by OPEN EYE, Jul 5, 2005.

Thread Status:
Not open for further replies.
  1. OPEN EYE

    OPEN EYE Guest

    who can I know which DLL safe or unsafe ?
    is there any software can tell me ?
     
  2. OPEN EYE

    OPEN EYE Guest

    Re: who can I know which DLL safe or unsafe ?

    (((how))) can I know which DLL safe or unsafe ?
    :) not who

    who
     
  3. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Re: who can I know which DLL safe or unsafe ?

    dlls for what? what program are u referring to?
     
  4. open eye

    open eye Guest

    Re: who can I know which DLL safe or unsafe ?

    DLL in general
    id like to know which is trojan and which is safe
     
  5. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    784
    Location:
    UK
    Re: who can I know which DLL safe or unsafe ?

    Why not use an anti trojan such as EWIDO or A-SQUARED they will do it for you, and are free.
     
  6. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    Re: who can I know which DLL safe or unsafe ?

    All executables in general. How can you tell if notepad.exe is safe?

    On a secure system use an integrity scanner (tripwire comes to mind) and beware of what you download all the time. Then scan all you can.
     
  7. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Re: who can I know which DLL safe or unsafe ?

    You can download and run a program called DllCompare. It has a library of good known Dll's. It will scan your pc and tell you the one's it does not know. Look here at the thread and scroll down to the 7th entry from Swandog46. There is a link to download the program. I used it a while back and it found 6 unknown dll's. I sent them to the author of BOClean and one of them was from a trojan. So it came in handy.
    http://www.spywareinfoforum.com/lofiversion/index.php/t40458.html

    Once downloaded, run it and hit Run Locate.com then hit Compare. The scan is very quick. Once the scan is complete, you will see two windows. The top one contains all the known dll's, the bottom one contains the unknown one's. You can save a log file and then if you are concerned at any findings you can zip the dll's and send them to your AV/AT/AS vendor for analysis.

    muf
     
    Last edited: Jul 6, 2005
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Re: who can I know which DLL safe or unsafe ?

    Muf,
    Thanks for the DllCompare.exe, but it didn't find any unknown .dll file on my harddisk.
    I keep it anyway, you never know what will happen in the future.
    There is nothing so insecure like security. :rolleyes:

    P.S.: like or as, sometimes I have a problem to use the right one LOL.
     
  9. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Re: who can I know which DLL safe or unsafe ?

    well It found a lot on mine. I wonder if these are legit. How do I find info? The "rad" just appears to be Omega's modified radlinker files (radclocker - graphics card overclocker)

    *edit. I just uninstalled Omega drivers so I can install the latest one 2.6.42 and I'm about to reboot to install the new drivers but ran the test again

     
    Last edited: Jul 6, 2005
  10. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Re: who can I know which DLL safe or unsafe ?

    i found this link where a person has similar log to u, however the thread is in german or dutch i think. neways here the link. the dlls are from omega drivers and radlinker.
     
  11. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Re: who can I know which DLL safe or unsafe ?

    Yes, I edit my post above. There is only one in question now.

    Could be stickynotes I had installed at one time.
     
  12. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Nice proggy Muf, thanks ;)

    I found two on my system, but they seem to be normal after a Google here and seems like nothing to worry about, unless of course someone says so. :'(

    Cheers, TAS
     
  13. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Re: who can I know which DLL safe or unsafe ?

    This is one of the 6 files i had on my pc. Still do actually!!! Kevin at BOClean checked all 6 out and there was only one that was a bad one. The Archlib.dll was a legit dll and was not malicious.

    Anyway, glad you found a use for it. I have no idea how up to date it is, or whether the author is still actively supporting it. I'm gonna look on Google to see if i can trace the author's website. If anyone else wants to try then that would help. It is one of those little apps that appears to be nothing too special but it does a nice little job and if it's kept up to date would be a smashing little app to have as a once a month cursory check.

    muf
     
  14. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,694
    Location:
    Texas
    Hello Muf, Thanks for the info about dll compare. I found 6 dll's windows did not know about. The dll's came from trying to install & older version of office, while a newer version was already on the the machine. Backed the 6 dll's up & deleted no problems! Thanks

    rico
     
  15. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
  16. j.russell

    j.russell Guest

    Hi,

    I ran a scan with dll compare and got this list of ddl's. I checked at the link provided by WSFuser and most are not recognised dll's. Anyone know how I can find out if they are safe or not? Or could they be trojan/malware? Thanks.

    C:\WINDOWS\SYSTEM32\msexcl35.dll Fri Sep 10 1999 2:06:38a A.S.. 252,688 246.77 K
    C:\WINDOWS\SYSTEM32\msjet35.dll Wed Sep 29 1999 1:42:48a A.S.. 1,050,896 1.00 M
    C:\WINDOWS\SYSTEM32\msjint35.dll Thu Jun 10 1999 1:34:04p A.S.. 123,664 120.77 K
    C:\WINDOWS\SYSTEM32\msjter35.dll Thu Jun 10 1999 1:34:04p A.S.. 24,848 24.27 K
    C:\WINDOWS\SYSTEM32\msltus35.dll Fri Sep 10 1999 2:06:38a A.S.. 168,720 164.77 K
    C:\WINDOWS\SYSTEM32\mspdox35.dll Mon Jun 7 1999 10:59:34p A.S.. 250,128 244.27 K
    C:\WINDOWS\SYSTEM32\msrd2x35.dll Sun Apr 25 1999 9:00:00p A.S.. 252,176 246.27 K
    C:\WINDOWS\SYSTEM32\msrepl35.dll Wed Aug 25 1999 6:57:26p A.S.. 415,504 405.77 K
    C:\WINDOWS\SYSTEM32\mstext35.dll Thu Sep 30 1999 11:21:24p A.S.. 166,672 162.77 K
    C:\WINDOWS\SYSTEM32\msxbse35.dll Sun Apr 25 1999 9:00:00p A.S.. 287,504 280.77 K
    C:\WINDOWS\SYSTEM32\vbar332.dll Sun Apr 25 1999 9:00:00p A.S.. 368,912 360.27 K
     
  17. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    many of those are microsoft files, theyre from microsoft jet 3.5.
     
  18. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    What have tended to do is look on Google for any dll files that dllcompare says are unknown. I think it would be very difficult(but extremely useful) if it had every known dll file in it's library. In practice, i don't believe it would be possible what with all the hundreds of thousands of application's out there that put dll's on your system. I can't honestly believe that any person or company for that matter could add every one. But what i think the author of this application has done is put all the common one's on. So i reckon a quick Google and if you are still uncertain then zip them and send them to your AV's support by e-mail. I think an anti-trojan or anti-spyware vendor would be able to analyse them as well. You could always throw them through jotti's or Virustotals online scanner before sending them off.
    http://virusscan.jotti.org/
    http://www.virustotal.com/xhtml/index_en.html

    muf
     
  19. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    It didn't find anything unknown on my system.. with the amount of stuff I have installed, that's quite impressive :)

    Thanks for the link, Muf, great program.
     
  20. j.russell

    j.russell Guest

    Thanks for the help WSFuser and Muf. I have run full scans with A2 and Ewido and no trojan found so I don't think they are part of any trojans. But like you said Muf it's probably not possible for the program to cover all Dll's. I get to googlin' to see what I can find. Thanks again.
     
Loading...
Thread Status:
Not open for further replies.