How to get rid of orphan file links from your Shell32.dll? I don't think there's a way Is everybody

RayLopez99

I may be on the wrong track or overthinking this, but I think your /System32/Shell32.dll file has all kinds of junk in it from orphan programs that are no longer used.

For example, everybody's Shell32.dll is different, correct? Below is mine--you'll note it's 12.2MB in size and has the checksums as shown. Yours is probably different?

Now if you manually or otherwise remove programs, like in my case the e-reader "KooBits4", you'll get a pointer in your Startup (since KooBits, like many programs, apparently wants to load in the background like a virus), which points to desktop.ini (a hidden file in every folder) which points to "Shell32.dll", which I am guessing has something related to KooBits4 and 1000s of other programs that want to run in the background.

So, after removing the program, how to get rid of the pointer in Shell32.dll? I don't think there's a way, short of recompiling the .dll which nobody in their sane mind would do, as it's a system file.

Or am I on the wrong track?


RL

Shell32.dll
12.2 MB
modified 11/21/2010
File version: 6.1.7.601.17514

MD5 Checksum: 16AB4BD2ACC52109F43739BF0E89E18F
SHA-1 Checksum: 1BA58D221A2C95178AE479AFFC29585B3A37BD01

Generated by MD5 & SHA-1 Checksum Utility @ http://raylin.wordpress.com/downloads/md5-sha-1-checksum-utility
 
You can go to virustotal.com, click the "search" option below the search box,
and enter the MD5sum. If virustotal.com can't find it, that would be a bad
sign (means "custom malware"). If the file is found, it could be a bog-standard
file with no additions.

Click the "File Details" button.

https://www.virustotal.com/en/file/...a581836e0e0839047471622f31a4a065dd7/analysis/

File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)

So now, at least I know we're talking about Windows 7 SP1.

The file is signed. If any program added code to it, it
would invalidate the signature. See if there is a way
to verify the signature. Try Properties, and see if there
is a way.

I checked a VM image with Win7 SP1 in it, and lo and behold,
it has the same MD5sum as yours. So it's not patched. That
means the shell32.dll is "as delivered" on the SP1 DVD.

There are plenty of ways for applications to make changes
to a system. But patching system executables isn't one of them.

This is the protection feature for system files.

http://en.wikipedia.org/wiki/Windows_Resource_Protection

Paul
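
The check described in the reply above, as an added example that is not part of the thread: hash the local shell32.dll, compare it with the MD5 and SHA-1 posted in the first message, and report the file version and signature status. The function name `Get-HexDigest` and the parameter names are chosen for this example.

```powershell
# Added example (not from the thread). Run from a PowerShell of the same
# bitness as the OS: a 32-bit shell on 64-bit Windows is redirected from
# System32 to SysWOW64 and would hash a different copy of the DLL.
param(
    [string]$Path = "$env:SystemRoot\System32\shell32.dll",
    # Reference values: the checksums posted in this thread for shell32.dll.
    [string]$ExpectedMd5  = '16AB4BD2ACC52109F43739BF0E89E18F',
    [string]$ExpectedSha1 = '1BA58D221A2C95178AE479AFFC29585B3A37BD01'
)

function Get-HexDigest {
    param([string]$File, [System.Security.Cryptography.HashAlgorithm]$Hasher)
    $stream = [System.IO.File]::OpenRead($File)   # read-only, no write access needed
    try {
        # ComputeHash(Stream) reads the file in blocks, so size is not a concern.
        $bytes = $Hasher.ComputeHash($stream)
        return ([System.BitConverter]::ToString($bytes) -replace '-', '')
    } finally {
        $stream.Close()
    }
}

$md5  = Get-HexDigest $Path ([System.Security.Cryptography.MD5]::Create())
$sha1 = Get-HexDigest $Path ([System.Security.Cryptography.SHA1]::Create())

$result = New-Object PSObject -Property @{
    Path        = $Path
    FileVersion = (Get-Item $Path).VersionInfo.FileVersion
    MD5         = $md5
    SHA1        = $sha1
    # -eq on strings is case-insensitive, so hex case does not matter.
    Md5Match    = ($md5  -eq $ExpectedMd5)
    Sha1Match   = ($sha1 -eq $ExpectedSha1)
    # System files are often catalog-signed; a shell that checks only embedded
    # signatures can report NotSigned for an untouched file.
    Signature   = (Get-AuthenticodeSignature $Path).Status
}
$result | Format-List

if ($result.Md5Match -and $result.Sha1Match) {
    'Hashes match the reference: the file is byte-identical to the reference copy.'
} else {
    'Hash mismatch: different build or update level, or the file was modified. Compare FileVersion first.'
}
```

A mismatch is expected on any system whose FileVersion differs from the one in the thread, so compare versions before reading anything into it. From an elevated prompt, `sfc /verifyfile=C:\Windows\System32\shell32.dll` asks Windows Resource Protection to check the same file.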
 
So, after removing the program,
how to get rid of the pointer in Shell32.dll? I don't think there's a
way, short of recompiling the .dll which nobody in their sane mind
would do, as it's a system file.

-
I get it a fair amount if not running the last/latest XP with updates.
There are always alternatives to getting something done from another
approach or program;- So far and generally for summarily ditching them
if they don't like my scheme of updates. With computers heading more
and more into a likes cloud distribution centers, incessant updates or
posed security issues at risk, I just haven't the patience to play
along. I hack, crack, jam, cram, slam, and stuff them into kludge, as
best I humbly may;- as for the rest, best to let God sort 'em out.
 