Computer Help forum

General discussion

HELP DCOM Exploit got in

by withalilhelp / February 27, 2007 4:39 AM PST

Well all that probing found a way in through Outlook then my new Thunderbird. I got the trojan iv my Avast virus chest, supposedly. The name of it in the chest says; KillProcDLL.dll and originated in
C:\DOCUME~\Jim\Locals~1\.... Thunderbird had Highlighted two emails I got recently & had put into folders. Not used to Thunderbird I opened them wondering if it was some new reply from someone then soon after I got the Avast virus warning window & put it in the virus chest like I was prompted to. Do I go searching for a virus removal tool or what? Thanks. XP Home on a HP Pavilion zv6000 laptop. PS I need to warn who I forwarded it too also, right?

Discussion is locked
You are posting a reply to: HELP DCOM Exploit got in
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: HELP DCOM Exploit got in
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Dupe thread
by tomron / February 27, 2007 5:05 AM PST

Many threads make it difficult too follow,click HERE too follow.

Tom

Collapse -
That was NOT because of any DCOM exploit.
by Edward ODaniel / February 27, 2007 5:55 AM PST

KillProcDLL.dll could be used for installing a trojan but then it is also used when installing CCleaner. It is a plugin to NSIS (Nullsoft Scriptable Install System) which is a "professional open-source tool for the development of Windows installers."

The author tells (http://nsis.sourceforge.net/KillProcDLL_plug-in):

I made this plug-in to fit my need to close MSN Messenger application in order to overwrite a DLL without the need of prompting the user to do it (so it can be installed by REAL newbies) or rebooting the computer through the installation process.

If it got onto your system and you didn't install anything that uses the Nullsoft installer it is highly probably that you got it as an attachment on an email (matter of fact you more or less come out and indicate that is exactly what happened). If it is quarantined you can delete it and it will be gone.

In one of your many other threads on DCOM I offered you a couple of links so you could educate yourself on exactly what DCOM is and make a decision to either configure or disable. Had you read those links you would have immediately seen that your present "problem" has nothing to do with DCOM (although it may have exploited your opening of an email your AV (not thunderbird) had already alerted you to. It appears though that your AV then went on and took care of the "problem" before it became one.

Collapse -
dcom exploit
by withalilhelp / February 27, 2007 6:19 AM PST

I wrote all your tips down anyway and plan to reconfigure and I thank you again but it was after the or a nother virus actually got in. No I didn't use that installer and I'm quite sure it did come from a mail attach. So this is a new problem to get rid of and reconfigure for dcom is something else for me to do right? sorry about too many different post. after I made the first new one I had to figure out what tom meant and went back to my orig. then the second got a reply that I felt I should answer. Then I got a virus and needed it to get seen as a new development. So sorry for that. thanks for the help. I'll stay off now since I am upsetting some without attempting to.

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

The Samsung RF23M8090SG

One of the best French door fridges we've tested

A good-looking fridge with useful features like an auto-filling water pitcher and a temperature-adjustable "FlexZone" drawer. It was a near-flawless performer in our cooling tests.