What is the date and size of Winntsystem32dixinput.dll supposed to be?
On my system it is dated 22 July 2002 and has 20992 bytes.
How can I verify that the file is valid?
I expect that the file was installed either by Win 2000 SP 3 or by VS .Net or by
the SP1 update to the .NET Framework.
Any idea which criiter installed the file?
I ask, because today Norton Auntie Virus 2002 started flagging the file as
being infected with the Backdoor.GWGirl virus.
Anybody else seeing this?
I first saw the problem using the 31 July 2002 virus definitions. Also
with 5 August 2002 virus definitions.
The 26 June 2002 virus definitions do not flag the file.
Results 1 to 4 of 4
Thread: DXInput.dll
-
Gold Lounger
- Join Date
- Dec 2000
- Location
- New Hampshire, USA
- Posts
- 3,386
- Thanks
- 0
- Thanked 0 Times in 0 Posts
2002-08-06 21:03DXInput.dll
-
Subscribe to get a FREE chapter from Windows 7 The Missing Manual
This month, every Windows Secrets subscriber can download a one-chapter excerpt of Windows 7: The Missing Manual.Windows 7: The Missing Manual provides valuable information to help you overcome these difficulties in learning a new operating system. Subscribe today to download your free excerpt.
-
Super Moderator
- Join Date
- Feb 2001
- Location
- Silicon Valley, USA
- Posts
- 23,112
- Thanks
- 5
- Thanked 93 Times in 89 Posts
2002-08-07 03:39Re: DXInput.dll
Pardon me, my previous search wasn't broad enough, and there was a recently discovered variant that plays with/plants the DXINPUT.DLL file: BKDR_GWGIRL.272.
<UL>Upon execution, it drops a copy of itself as SCANREGW.EXE in the Windows System directory. It also drops its keylogger and password stealer component file, DXINPUT.DLL, in the Windows System directory.[/list]Supposedly, it is not yet in the wild, but maybe you are a pioneer! No need to panic:
<UL>This is a backdoor program that can be used as a tool that allows a remote user access and connection to a target machine. However, due to some bugs in the program, it fails to work properly.[/list]<img src=/S/grin.gif border=0 alt=grin width=15 height=15>
-
Gold Lounger
- Join Date
- Dec 2000
- Location
- New Hampshire, USA
- Posts
- 3,386
- Thanks
- 0
- Thanked 0 Times in 0 Posts
2002-08-07 07:43Re: DXInput.dll
I don't think I'm a pioneer, but NAV was misleading.
NAV labeled DXInput.dll has being infected with the Backdoor.GWGirl virus, but the description of Backdoor.GWGirl at the SARC site did not apply.
TrendMicro's description of BKDR_GWGIRL.272 correctly describes the virus and the solution. It also points out that the virus is known as, among other names, Backdoor.GWGIRL.27.cli.
SARC does list Backdoor.GWGirl.27.cli but provides NO identifying info or a solution.
So the probl;em I had was due to a bug in NAV's latest virus definitions, i.e., instead of identifying the virus as Backdoor.GWGirl, the virus should have been identified as Backdoor.GWGirl.27.cli, which is alleged to be detected by the 5 August 2002, and maybe earlier, NAV virus defs.
-
Platinum Lounger
- Join Date
- Dec 2000
- Location
- Hornsby Heights, New South Wales, Australia
- Posts
- 3,822
- Thanks
- 0
- Thanked 0 Times in 0 Posts
2002-08-07 07:46Re: DXInput.dll
Just goes to show. NEVER trust anybody ! <img src=/S/sarcasm.gif border=0 alt=sarcasm width=15 height=15>
Cheers, Claude.
http://lounge.windowssecrets.com/S/flags/Australia.gif
