Shoutbox

well i had a trojan, and i've been on the clean up for the past day...

these files came up in scans, is it safe to delete them (shred them with tune up utilities)...

i think i read that the trojan created them, so they shouldn't brake my pc if i do delete them... but just wanted to check they're nothing vital... they are:

c:\windows\system32\ntcvx32.dll

c:\windows\system32\ntswrl32.dll

thanks

EDIT: i have googled them and they come up with a lot of forums about spyware and trojans etc.... but i wanted to know if they are part of windows. thanks

I have neither on my XP installation, they sound dodgy to me.

shredding time

found this

quote:

---

Originally posted by sophos website


This section is for technical experts who want to know more.

Troj/Bdoor-YP is a Trojan for the Windows platform.

When first run Troj/Bdoor-YP copies itself to <System>\vssms32.exe and
creates the following files:

<Windows>\hkr32.asm
<System>\ldapi32.exe
<System>\ntcvx32.dll
<System>\ntswrl32.dll

The following registry entry is created to run vssms32.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
vssms32
<System>\vssms32.exe

The following registry entries are set, affecting internet security:

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\List\
<Windows>\System32
vssms32.exe
<System>\vssms32.exe:*:Enablednode

Registry entries are created under:

HKCU\Software\

Troj/Bdoor-YP also attempts to install the Trojans Troj/Mpass-B and
Troj/LdPinch-IP.

---

also go to run and type MSCONFIG
make sure that they arnt in the startup tab. if u arnt sure about files in the startup tab then just google them

ah that was the first thing i did... the dodgy startup entry of vssms32.exe is what led me to find the .dll's!