Cannot Find Shell.dll

[Brad]

I have a custom application running on a computer, and when
it starts up it complains of missing shell.dll. I talked
with their support and they said to more the shell.dll file
to system32\. This fixed the problem until I reboot, then
the shell.dll files goes missing again. Anybody have
anyidea of what is going on here?

Note: the shell.dll file only goes missing from System32\
it remains in System\

Thanks in advance

Brad

 

[Guest]

Hi Brad. Did you resolve your issue? I recently examined
another computer that had these symptoms. Shell.dll was
being deleted by winzk.exe, loading from
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run.
I did not further examine this program though, I simply
removed it. Makes me curious now, though.

If you check the processes running on your computer from
the Task Manager,. Kill everything not necessary until
shell.dll is not deleted. You will probably find one
unusually named process that is responsible for this.

A better way to do this, if you have the initiative, would
be to enable auditing on the file. You need to enable
auditing of "Object Access" using the "Local Security
Policy" administrative tool. Using the NTFS permission
editor (right click on the file, choose properties, click
on the Security tab, then the Advanced button. Then click
the Auditing tab, click the "Add" button, type in
"Everyone" for the name, and when prompted place a check
mark by "Delete" under both the success and failure columns).

Once auditing is enabled, check the "Event Viewer" in the
Administrative tools control panel applet to view the
"Security" log. This log should record an entry each time
the file is deleted, and should show you exactly which
process is deleting shell.dll. I am curious as to what
malware is running around doing this.

 

[Daddio]

I just got my system cleaned after having this same problem. You've go
a new variant of the coolwebsearch hijack on your hands. I went to
bunch of forums looking for a solution. CWSShredder did not work
AdAware with the latest defs did not work. What finally worked wa
using HJT to fix the registry in safe mode. This did not fix i
completely... After rebooting I ran Trend-Micro online virus search an
it found it and killed it


-
Daddi