Author Topic: certmgr.dll  (Read 4657 times)

0 Members and 1 Guest are viewing this topic.

Offline slybo

  • Sr. Member
  • ****
  • Posts: 327
certmgr.dll
« on: March 21, 2008, 08:56:48 PM »
I have Pro version 4.7.1098 on a xp sp2 computer. When I run a scan it finds C:\WINDOWS\system32\certmgr.dll and says Unable to scan: The system cannot read from the specified device. I have had this happen for some time but did not think it was bad because it also show 0 infections for the scan, and because this does not show up if I do a boot scan. Can you tell me why this happens and if it is anything to worry about or is it just one of those things because of windows?

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
Re: certmgr.dll
« Reply #1 on: March 21, 2008, 09:45:34 PM »
I would suggest you run and post a hijackthis log, because I found this

http://www.bleepingcomputer.com/startups/CertMgr.dll-20150.html

The hijackthis log would confirm an infection.

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 32897
  • malware fighter
Re: certmgr.dll
« Reply #2 on: March 21, 2008, 09:53:46 PM »
Hi slybo and oldman,

Consider the additional info on this dll, certmgr.dll, where you also mentioned this: http://www.bleepingcomputer.com/startups/CertMgr.dll-20150.html
and this info I also found:
http://www.castlecops.com/t204664-MD5_f95da7c5b3453ca4dff34e2c82ed5663_CertMgr_dll_New.html

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline slybo

  • Sr. Member
  • ****
  • Posts: 327
Re: certmgr.dll
« Reply #3 on: March 21, 2008, 10:05:07 PM »
The bleeping computer site shows it to be located in C:\WINDOWS\Media where mine is in system32. I also did a google search and find site that says it is a microsoft file. Do you still think I need to do hijack since I am having no problems?

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
Re: certmgr.dll
« Reply #4 on: March 21, 2008, 10:14:19 PM »
No, you should be fine. Sorry about that. I did find it is a protected file, which is possibly why I can't be scanned. Though I haven't seen anyone else mention it.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 32897
  • malware fighter
Re: certmgr.dll
« Reply #5 on: March 21, 2008, 10:15:07 PM »
Hi slybo,

You could fire this system32 file up to virustotal here: http://www.virustotal.com/
But I guess it is a legit system file, if you have this:
Certmgr.dll   5.1.2600.2914   457,216   23-May-2006   11:54   x86   SP2   SP2QFE

pol

PS It would not hurt you to attach a hjt log.txt file, because we would evaluate it for ye, even if that meant you could fix some empties you do not need any longer,

Damian
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline slybo

  • Sr. Member
  • ****
  • Posts: 327
Re: certmgr.dll
« Reply #6 on: March 21, 2008, 10:35:44 PM »
I decided to do the hijackthis and so here is my log and also do I need to uninstall the hijackthis when I am done?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:47 PM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\AOL\1197062420\ee\AOLSoftware.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1197062420\ee\AOLDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1197062420\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5248 bytes

Offline slybo

  • Sr. Member
  • ****
  • Posts: 327
Re: certmgr.dll
« Reply #7 on: March 21, 2008, 10:42:51 PM »
Forgot to ask if after you look at my hijackthis log do you think I still need to send the file to virustotal and if so give me a little information about what I will have to do as I have never done that. I had done a hijackthis log a few years back so that was easy. Thanks slybo

Offline slybo

  • Sr. Member
  • ****
  • Posts: 327
Re: certmgr.dll
« Reply #8 on: March 21, 2008, 10:55:43 PM »
I looked at the virustotal.com and in the middle of the page where you upload a file it looks like all I have to do is browse to the file then upload, but does the upload remove the file from my computer? Do I need to make a copy of the file and send the copy? What do I do or after looking at the hijackthis do I need to forget about this? Thanks just wanted to post this in case you say to do this. slybo

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
Re: certmgr.dll
« Reply #9 on: March 21, 2008, 11:00:01 PM »
Your log looks good. If you want to keep hijackthis you can. It won't do anything unless you run it. If you what to remove it, open hjt, click the misc tools button, slide the slider down, click uninstall. Go to the folder it was installed in and delete the folder. In your case, C:\Program Files\Trend Micro\HijackThis

If out of curiouity you want to submit the file to virustotal

To submit a file to virustoal, please click om this link

www.virustotal.com

copy and paste the following into the upload a file box (one at a time if more than one file is listed)

C:\windows\system32\certmgr.dll

scroll down a bit and click "send file", wait for the results and post then in your next reply.

Just saw you post

No the file will not be removed from you computer. Yes that's how you submit a file or use what I posted.

Offline slybo

  • Sr. Member
  • ****
  • Posts: 327
Re: certmgr.dll
« Reply #10 on: March 21, 2008, 11:39:10 PM »
I did the virustotal and from what I understand it looks good. In the result column for each company it had a dash - , I assume this means that nothing bad was found, is this correct. This is the first time I have used virustotal. Also at the top of the list it said Result 0/32(0%). So am I alright on this? Thanks for all your help. slybo

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
Re: certmgr.dll
« Reply #11 on: March 22, 2008, 01:36:08 AM »
Yes that means it's all clear.  :)

Offline slybo

  • Sr. Member
  • ****
  • Posts: 327
Re: certmgr.dll
« Reply #12 on: March 22, 2008, 01:39:10 AM »
Thanks for all your help. I think this case is over. Thanks again. slybo