Results 1 to 4 of 4

Thread: DXInput.dll

  1. #1
    Gold Lounger
    Join Date
    Dec 2000
    Location
    New Hampshire, USA
    Posts
    3,386
    Thanks
    0
    Thanked 0 Times in 0 Posts

    DXInput.dll

    What is the date and size of Winntsystem32dixinput.dll supposed to be?

    On my system it is dated 22 July 2002 and has 20992 bytes.

    How can I verify that the file is valid?

    I expect that the file was installed either by Win 2000 SP 3 or by VS .Net or by
    the SP1 update to the .NET Framework.

    Any idea which criiter installed the file?

    I ask, because today Norton Auntie Virus 2002 started flagging the file as
    being infected with the Backdoor.GWGirl virus.
    Anybody else seeing this?

    I first saw the problem using the 31 July 2002 virus definitions. Also
    with 5 August 2002 virus definitions.

    The 26 June 2002 virus definitions do not flag the file.

  2. #2
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: DXInput.dll

    Pardon me, my previous search wasn't broad enough, and there was a recently discovered variant that plays with/plants the DXINPUT.DLL file: BKDR_GWGIRL.272.
    <UL>Upon execution, it drops a copy of itself as SCANREGW.EXE in the Windows System directory. It also drops its keylogger and password stealer component file, DXINPUT.DLL, in the Windows System directory.[/list]Supposedly, it is not yet in the wild, but maybe you are a pioneer! No need to panic:
    <UL>This is a backdoor program that can be used as a tool that allows a remote user access and connection to a target machine. However, due to some bugs in the program, it fails to work properly.[/list]<img src=/S/grin.gif border=0 alt=grin width=15 height=15>

  3. #3
    Gold Lounger
    Join Date
    Dec 2000
    Location
    New Hampshire, USA
    Posts
    3,386
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: DXInput.dll

    I don't think I'm a pioneer, but NAV was misleading.

    NAV labeled DXInput.dll has being infected with the Backdoor.GWGirl virus, but the description of Backdoor.GWGirl at the SARC site did not apply.

    TrendMicro's description of BKDR_GWGIRL.272 correctly describes the virus and the solution. It also points out that the virus is known as, among other names, Backdoor.GWGIRL.27.cli.

    SARC does list Backdoor.GWGirl.27.cli but provides NO identifying info or a solution.

    So the probl;em I had was due to a bug in NAV's latest virus definitions, i.e., instead of identifying the virus as Backdoor.GWGirl, the virus should have been identified as Backdoor.GWGirl.27.cli, which is alleged to be detected by the 5 August 2002, and maybe earlier, NAV virus defs.

  4. #4
    Platinum Lounger
    Join Date
    Dec 2000
    Location
    Hornsby Heights, New South Wales, Australia
    Posts
    3,822
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: DXInput.dll

    Just goes to show. NEVER trust anybody ! <img src=/S/sarcasm.gif border=0 alt=sarcasm width=15 height=15>
    Cheers, Claude.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •