betamax Posted February 3, 2006 Posted February 3, 2006 I noticed this file in my C:\windows\system32 directory with a created date of today. I renamed it to olemdb32.dll.bad and restarted my machine.There it was again. A fresh new copy of it.How do I find out which process is creating this file? Is this a legit file?
cluberti Posted February 3, 2006 Posted February 3, 2006 I'm not entirely certain - run filemon (http://www.sysinternals.com) while deleting the file to see who is placing the file back - it's not a regular file (although oledb32.dll is), so it is entirely possible that foul play should be expected.You could also try running autoruns (again, www.sysinternals.com) and disabling all non-Microsoft items and rebooting to see if you can't delete the file without it returning as well - obviously if that works, it's a non-Microsoft startup item or service causing the issue, and re-enabling things until the problem returns is a good way to figure that out if this is the case.
abc44 Posted February 11, 2006 Posted February 11, 2006 (edited) wow you dont understand how greatful i am.Google had ABSOLUTELY no results on this file besides this website.The file is always re-created once i delete it and reboot. I tried the apps cluberti posted, but to no avail.im wondering if you, 'betamax' solved your problem with olemdb32.dll...thank you Edited February 12, 2006 by abc44
betamax Posted February 12, 2006 Author Posted February 12, 2006 I used Trend Micro's stand alone sysclean package.http://www.trendmicro.com/download/dcs.aspHere's a direct link to the program:http://www.trendmicro.com/ftp/products/tsc/sysclean.comThe readme filehttp://www.trendmicro.com/ftp/products/tsc/readme.txtYou need the virus patterns:http://www.trendmicro.com/ftp/products/pattern/lpt205.zipYou can also get the pre release pattern if you wanthttp://www.trendmicro.com/download/pattern...-disclaimer.aspBoot off of a BartPE disc if you have one. If you don't have BartPE, just boot into safe mode and run it from there.MAKE SURE TO DISABLE SYSTEM RESTORE FIRST.http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_namI don't know if this will do it. But I don't see that file in my folder anymore.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now