Chirpy Posted January 3, 2013

Hello all, I have noticed these 2 files (win64cert.dll and win32cert.dll) during my regular maintenance and have not been able to find any information other than they are possible trojan files. They were first noticed on the 10/12 2012. They are stored in the PC in a very unusual way, such as:

C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Wincert

Does anyone have any experience with these files? Your help would be greatly appreciated. Thanks

bphlpt Posted January 3, 2013

No record of any such file names or paths on my PC. I'm on here quite a bit, and my install was done over a year ago, so I'm not sure where you came up with that. Let us know what you find out. Cheers and Regards

NIM Posted January 3, 2013

Please rest assured that this file didn't come from this forum, because of its folder and file name. I have tried to dig up some info about this file but I can't find any useful info. I know that wincert.dll was one of the files that came with the Bamital trojan, and it could be a new variant of this trojan not yet discovered by anti-virus software.

Apparently this file appeared around 10 days ago and is still being reviewed.
http://www.prevx.com/filenames/X3934238878414810091-X1/WIN64CERT.DLL.html
http://systemexplorer.net/file-database/file/win64cert-dll

According to this site win32cert.dll is Safe:
http://systemexplorer.net/file-database/file/win32cert-dll

Emsisoft still needs to review the file:
http://www.isthisfilesafe.com/filename/win32cert.dll_details.aspx

Also, still no information from Virus Total:
https://www.virustotal.com/analisis//file/db7c0b803c634f5e5c7734f1b142f41a370fe2d62c84571adc016c836038cceb/analysis/

Please try to upload these files to Virus Total: https://www.virustotal.com/

artzig Posted February 7, 2013

The file/s look suspect even just down to their pathname. If it was me I'd run a simple disk check first with a 'no fix' option to see if there are signs of hard disk corruption (the echoing pathname is sometimes a sign of this) without changing anything. If that is clear, try renaming the DLLs and see what happens. Have a look at the old sysinternals.com tools, now under the umbrella of MS, for some simple but effective tools to try to see what's going on.

VirusTotal is a useful site but I have known it to generate false positives for some benign files. I got a JPG file, copied and pasted in about 200 bytes of a benign EXE file into the front of it and sent it to VT to see what it would make of it. It came up 4/45 infected and with differing names. Obviously if there's enough 'random' data there it's going to be able to make something out of it at some point.
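
A read-only way to record the two things the replies suggest checking, as an added example that is not part of the thread: it collapses a folder name repeated back to back (the "echoing" path from the first post) to the underlying location and computes the file's SHA-256 for lookup on a service such as VirusTotal. The function names and the sample path are constructed for illustration.

```python
import hashlib
from pathlib import Path, PureWindowsPath

def collapse_echo(path_str):
    """Collapse runs of an identical, consecutive folder name.

    Returns (collapsed_path, echoed_name, run_length) for the longest run,
    or (path_str, None, 1) when no component repeats back to back.
    """
    kept, best_name, best_run, run = [], None, 1, 1
    for part in PureWindowsPath(path_str).parts:
        if kept and part.lower() == kept[-1].lower():  # NTFS names are case-insensitive
            run += 1
            if run > best_run:
                best_name, best_run = part, run
            continue
        kept.append(part)
        run = 1
    if best_name is None:
        return path_str, None, 1
    return str(PureWindowsPath(*kept)), best_name, best_run

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks; the file is only opened for reading."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def triage(path_str):
    """Build a small report for one suspicious file without modifying it."""
    collapsed, name, depth = collapse_echo(path_str)
    report = {"path": path_str, "collapsed": collapsed,
              "echoed_folder": name, "echo_depth": depth, "sha256": None}
    if Path(path_str).is_file():  # hash only when the file is reachable here
        report["sha256"] = sha256_of(path_str)
    return report

if __name__ == "__main__":
    # Constructed sample shaped like the path in the first post (depth chosen arbitrarily).
    sample = "C:\\ProgramData" + "\\Application Data" * 5 + "\\Wincert\\win64cert.dll"
    for key, value in triage(sample).items():
        print(f"{key}: {value}")
```

If the collapsed path and the echoing path both resolve to the same file with the same hash, the nesting is one location seen repeatedly rather than many copies.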