What are these tmp.dll files ?

Here you can find everything you need to know about Dll-Files. You can also share your knowledge regarding the topic.

Moderators: DllAdmin, DLLADMIN ONLY

Post Reply
dave and rosanna
Posts: 2
Joined: 19 Nov 2009, 00:00

What are these tmp.dll files ?

Post by dave and rosanna »

Hello -
I have a number of files (about 70 - 25mb in size total) with names similar
to:
_005282_.tmp.dll. They appear in \windows\system32 and
\windows\system32\drivers.

They seem to be related to SP2 (I have SP3 installed). For example,
displaying the properties/
file version info, you see something like
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

Thanks for any info.

jose
Posts: 126
Joined: 17 Apr 2009, 23:00

Re: What are these tmp.dll files ?

Post by jose »

On Nov 19, 5:06

davexnet
Posts: 3
Joined: 20 Nov 2009, 00:00

Re: What are these tmp.dll files ?

Post by davexnet »

NO malware detected. For now, I've moved them all into a new folder
prior to eventually deleting them. System is running normally.


"Jose" <jose_ease@yahoo.com> wrote in message
news:75d1ccc1-a500-42e7-9dce-a77416ad39de@n35g2000yqm.googlegroups.com...
On Nov 19, 5:06 pm, "Dave and Rosanna" <davexnet...@yahoo.com> wrote:
> Hello -
> I have a number of files (about 70 - 25mb in size total) with names
similar
> to:
> _005282_.tmp.dll. They appear in \windows\system32 and
> \windows\system32\drivers.

Perform some scans for malicious software first, then fix any
remaining issues:

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.

jose
Posts: 126
Joined: 17 Apr 2009, 23:00

Re: What are these tmp.dll files ?

Post by jose »

On Nov 20, 12:06

davexnet
Posts: 3
Joined: 20 Nov 2009, 00:00

Re: What are these tmp.dll files ?

Post by davexnet »

Thanks for the extra details. I did a full drive scan with MBAM,
plus a scan on the new folder I created with Avast Home, which I have
installed.
Didn't find anything.

Last December, I did have a virus, in fact I think it was more than one.
There were some very severe symptoms such as the screen flashing from dark
to
bright. It was very difficult to examine the system, however,
the real time component of Windows Defender caught it and cleaned it enough
that I could restart the system semi-stable and I then used Spybod S&D to
clean
a little more. See this thread re: the infection I had
http://forum.avast.com/index.php?topic=40658.0

I'll submit some of those files to the two sites you mentioned and see what
I get.
I'll update this thread with the info.

Dave

"Jose" <jose_ease@yahoo.com> wrote in message
news:f8fc23e1-64db-48e9-8ddb-d99dcb84843d@n35g2000yqm.googlegroups.com...
On Nov 20, 12:06 pm, "davexnet" <davexne...@yahoo.com> wrote:
> NO malware detected. For now, I've moved them all into a new folder
> prior to eventually deleting them. System is running normally.
>

Did you run full scans with MBAM and SAS?

Those file names are evidence of a infection which may have already
been removed or perhaps a faulty installation sometime prior. The
specific one you mentioned gets hits as malicious on some sites.

Sometimes malware removal is incomplete and things get left behind and
must be cleaned up by hand.

There are other more intense scanning tools that could be used that
will detect and attempt to remove those underscore.dll files in
system32 and drivers, but if full scans of MBAM and SAS run clean, I
would feel pretty good about that and if you have put them in some
kind of confinement folder and nothing is complaining, you may decide
to delete them later.

If you have the time and interest, you can upload some of the
suspicious files (one at a time) to some reputable WWW sites that will
run a bank of scanning tools against them and give you an analysis.
It is a good way to "test" files that don't seem to be sensible and
can help you decide what to do with them.

http://virusscan.jotti.org/en
http://www.virustotal.com/

Post Reply