dll error?????

Discussion in 'Software' started by Mitzs, Jan 21, 2008.

  1. Mitzs
    Honorary Member

    Mitzs Ducktape Goddess

    3,286
    85
    152
    c:\windows\system32\usgmqntn.dll - module could not be found

    This is for a nontech online friend. But I can not find anything on it all. Anyone have any ideas?
    I'm wondering if he has a trojan. Oh and the machine is xp
     
    Certifications: Microcomputers and network specialist.
    WIP: Adobe DW, PS
  2. dmarsh
    Honorary Member 500 Likes Award

    dmarsh Petabyte Poster

    4,305
    503
    259
    Can't find it on my work XP Pro machine, so either its an optional install item or its bit suspect.

    Obviously its looking in the System32 folder which is for windows libraries mainly, a DLL is a dynamic link library. However any trusted process could copy stuff into this folder so it could be a virus installed by a trojan.

    Names like mq tend to mean message queue which is part of the COM+ middleware.

    Obviously nt probably means its coded for the NT family of OS's.

    However a virus would probably use a viable sounding name so this again means little.

    While theres process databases online there are not library databases so your best bet might be to find the process thats trying to load the library.

    You may find these useful :-

    http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

    http://technet2.microsoft.com/windo...e297-422c-9873-9538cab18ee61033.mspx?mfr=true

    Sounds like you don't have the dll, but if you did you could use something like this :-

    http://www.heaventools.com/PE_Explorer_Exports_Viewer.htm
    http://technet.microsoft.com/en-us/sysinternals/bb896656.aspx

    The SysInternals suite is always worth a look when you wanna see whats happening in your system...

    Dave
     
  3. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,624
    117
    224
    Sometimes it is worth searching the Registry for the filename - the path it appears in can give some clues.

    Otherwise Sysinternals 'process explorer' might show things up.

    Edit: It occurs to me that this error message must have appeared in a MessageBox. In most cases there is often a clue as to the app involved elsewhere in the box, such as the title.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  4. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,292
    265
    329
    I can't find it on my machine either. Have you got Spybot search and destroy or regcure etc, you could see if those come up with any invalid dll entries. Also run a full virus scan and see what results you get.

    I would say that it is either that dll file relates to an app you are running or its an app created by a trojan.

    Let us know how it goes.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  5. Mitzs
    Honorary Member

    Mitzs Ducktape Goddess

    3,286
    85
    152
    I am trying to help him troubleshoot in IM right now. It is going to be slow going. I had a hell of a time with him lastnight trying to help him find his my computer, so I could know what os was on his laptop. I have forgotten what it is like to work with nontechs on their puters. No way I could ever do help desk. :biggrin
     
    Certifications: Microcomputers and network specialist.
    WIP: Adobe DW, PS
  6. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    13,493
    180
    287
    Sometimes a virus will cause a PC to look for a non-existent dll file in order to skrew up the system. In my opinion, it's worked.
     
    Certifications: A+ and Network+
  7. Mitzs
    Honorary Member

    Mitzs Ducktape Goddess

    3,286
    85
    152
    Yes that is what I"m hoping for too. But then again, I need to get him and his wife trained to treat thier pc with a little respect to.
     
    Certifications: Microcomputers and network specialist.
    WIP: Adobe DW, PS
  8. dmarsh
    Honorary Member 500 Likes Award

    dmarsh Petabyte Poster

    4,305
    503
    259
    Actually I'd be surprised if you got off that light, a badly written virus would do that, but it probably means its also installed other stuff all over the shop, if thats what it is.

    It could just be a valid file that comes with some micosoft software we're not aware of and somehow it got deleted.

    Some virues attach their payload to other files, an AV might just delete or quarantine the file causing issues like this.

    Theres many possibilities...
     
  9. Mitzs
    Honorary Member

    Mitzs Ducktape Goddess

    3,286
    85
    152
    well I know he has something, when he went to get online his avast pop up and said it had found something. But it could not delete it. So I had him download avg and and is now running that. We shall see. After that, I'm having him download conter spy, to see what it can find
     
    Certifications: Microcomputers and network specialist.
    WIP: Adobe DW, PS
  10. Mitzs
    Honorary Member

    Mitzs Ducktape Goddess

    3,286
    85
    152
    good god, the man is eat up. AVJ has found 5 differnt things. All appear to be trojans so far. :ohmy
     
    Certifications: Microcomputers and network specialist.
    WIP: Adobe DW, PS
  11. VantageIsle

    VantageIsle Kilobyte Poster

    446
    8
    49
    ^Yikes, I hope they have their windows XP disk close to hand:rolleyes:
     
    Certifications: A+, ITIL V3, MCSA, MCITP:EST, CCENT, 70-432-SQL, 70-401 SCCM
    WIP: MCSA upgrade MCITP:SA then EA
  12. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,292
    265
    329
    Bad news. Try to kill everything if it can't get everything then a reinstall may be in order.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.