Marea
This file is relatively new and none of my antispyware,
e.g. Ad-Aware, Microsoft AntiSpyware, avast!, Trend Micro's
Sysclean, recognise it as a virus, but MVP said it's not a
system file and he suspects it's a virus. I have tried
deleting it and any registry entries but it reinvents
itself.
REPORT
**********************************************************
**********
FileAlyzer © 2003 Patrick M. Kolla. All Rights Reserved.
**********************************************************
**********
File: C:\Documents and Settings\Marea\Local Settings\Temp\{1E8249A3-97BA-4334-9E8A-8741C683B1C8}\_extra\objects\cmdline.dll
Date: 11/04/2005 10:51:54 PM
***** General
******************************************************
Location: C:\Documents and Settings\Marea\Local Settings\Temp\{1E8249A3-97BA-4334-9E8A-8741C683B1C8}\_extra\objects\
Size: 32768
Version: 1.0.0.1
CRC-32: C07F9F59
MD5: C377C3074386CC5F23EF34C618D3B537
Read only: No
Hidden: No
System file: No
Directory: No
Archive: Yes
Symbolic link: No
Time stamp: Monday, 11 April 2005 10:42:30 PM
Creation: Monday, 11 April 2005 10:42:30 PM
Last access: Monday, 11 April 2005 12:00:00 AM
Last write: Monday, 11 April 2005 10:42:30 PM
***** Version
******************************************************
Supported languages:: English (United States) (1033/1200)
--- Version ----------------------------------------------
----------
File version: 1, 0, 0, 1
Company name:
Internal name: cmdline
Comments:
Legal copyright: Copyright 2003
Legal trademarks:
Original filename: cmdline.DLL
Product name: cmdline Module
Product version: 1, 0, 0, 1
File description: cmdline Module
Private build:
Special build:
***** Resources
****************************************************
--- REGISTRY ---------------------------------------------
----------
101
--- TYPELIB ----------------------------------------------
----------
1
--- String Table -----------------------------------------
----------
7
--- Version Info -----------------------------------------
----------
1
***** PE Header
****************************************************
Signature: 00004550
Machine: 014C - Intel 386
Number of sections: 0005
Time/Date stamp: 3E3D0AFD
Pointer to symbol table: 00000000
Number of symbols: 00000000
Size of optional header: 00E0
Characteristics: 210E
Magic: 010B
Linker version (major): 06
Linker version (minor): 00
Size of code: 00003000
Size of initialized data: 00004000
Size of uninitialized data: 00000000
Address of entry point: 00001000
Base of code: 00001000
Base of data: 00004000
Image base: 10000000
Section alignment: 00001000
File alignment: 00001000
OS version (major): 0004
OS version (minor): 0000
Image version (major): 0000
Image version (minor): 0000
Sub system version (major): 0004
Sub system version (minor): 0000
Win32 version: 00000000
Size of image: 00008000
Size of headers: 00001000
Checksum: 00000000
Sub system: 0002 - Windows graphical user interface (GUI) subsystem
DLL characteristics: 0000
Size of stack reserve: 00100000
Size of stack commit: 00001000
Size of heap reserve: 00100000
Size of heap commit: 00001000
Loader flags: 00000000
Number of RVA: 00000010
***** PE Sections
**************************************************
CRC-32: ?
MD5: ?
----- PE Sections ----------------------------------------
----------
Section VirtSize VirtAddr PhysSize PhysAddr Flags
.text 000029EC 00001000 00003000 00001000 60000020
.rdata 00000994 00004000 00001000 00004000 40000040
.data 000002C9 00005000 00001000 00005000 C0000040
.rsrc 00000DD8 00006000 00001000 00006000 40000040
.reloc 00000378 00007000 00001000 00007000 42000040
***** Import/Export table
******************************************
--- Export table (names: 4, functions: 4) ----------------
----------
#0 -
DllCanUnloadNow
#1 -
DllGetClassObject
#2 -
DllRegisterServer
#3 -
DllUnregisterServer
--- Import table (libraries: 5) --------------------------
----------
KERNEL32.dll (imports: 34)
GetSystemInfo
HeapCreate
lstrlenW
MultiByteToWideChar
InterlockedDecrement
lstrlenA
GetShortPathNameA
GetModuleFileNameA
WideCharToMultiByte
FreeLibrary
SizeofResource
LeaveCriticalSection
EnterCriticalSection
GetLastError
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
DebugBreak
lstrcpyA
lstrcatA
GetCommandLineA
InterlockedIncrement
DisableThreadLibraryCalls
DeleteCriticalSection
InitializeCriticalSection
HeapAlloc
HeapFree
HeapReAlloc
LoadResource
FindResourceA
LoadLibraryA
USER32.dll (imports: 1)
CharNextA
ADVAPI32.dll (imports: 9)
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegCreateKeyExA
ole32.dll (imports: 4)
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
OLEAUT32.dll (imports: 8)
#277
#162
#4
#7
#161
#163
#6
#2
Thanking you in advance
Marea
Australia