-Demosthenes- Posted November 22, 2006

I just re-installed Windows, downloaded a few programs (iTunes, Firefox, Google Earth, Spybot, and Ad-Aware) and updated. I was looking through the processes to get rid of the usuals at startup, like QuickTime. I ran into an odd one: crypt32chain, so I googled it. Everyone says that it's spyware, on a brand new install?
Dak Posted November 22, 2006

iirc, crypt32.dll is something to do with NT encryption -- it's started by winlogon, and the registry key that starts it (under winlogon/notify) is called crypt32chain.

So... if you have a file called crypt32.dll that's referred to in the startup monitor as crypt32chain, it's fine.

If you have an actual file called crypt32chain.dll, it's a trojan, trying to spoof the legitimate file.
-Demosthenes- (Author) Posted November 22, 2006

Oh, okay. It looks like I'm okay.
doG Posted November 22, 2006

Install Sysinternals Process Explorer. Run it to see what processes are running and what processes own them. Pausing your cursor over each process will show the complete path so that you can locate it.

Crypt32chain.dll is a trojan. Kill it and the process that owns it. Delete it from the system at the path given. If it's a trojan it may be harder to delete than one might think. After deleting it, reboot your machine to see if it returns.

Some trojan variants will store a copy of themselves somewhere else on the machine in order to restore themselves when you reboot. This is usually handled by some registry entry. If this happens, install a copy of regmon, enable the boot logger and reboot. It will write a log file of all the registry processes executed during boot so you can track down what regkeys are restoring it.

HTH,
-Demosthenes- (Author) Posted November 23, 2006

It's loading from crypt32.dll, not crypt32chain.dll. Does that mean I'm okay?
5614 Posted November 23, 2006

crypt32chain.dll is a file which is part of a trojan. crypt32.dll is a Windows file and is fine. Therefore you are ok.
alex88 Posted June 17, 2010 (edited)

After you posted the subject I was curious, and the file that runs is crypt32.dll. Just to be sure, I checked the file with KIS 7. Nothing. So it must be a Windows file.

Edited June 17, 2010 by Pangloss: post approved by mod, site link appears to be legit
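The rule given in the thread (a Winlogon notify entry named crypt32chain that loads crypt32.dll is expected; a file actually named crypt32chain.dll is not) can be applied to a saved listing of the Notify key. This is an added example, not code from any poster; the sample text is constructed in the layout of `reg query ... /s` output, and the subkey name `fakehook` is hypothetical.

```python
import ntpath
import re

NOTIFY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Constructed sample, not taken from the thread.
SAMPLE = (
    NOTIFY + "\\crypt32chain\n"
    "    DllName    REG_EXPAND_SZ    crypt32.dll\n"
    "    Logoff    REG_SZ    ChainWlxLogoffEvent\n"
    "\n"
    + NOTIFY + "\\fakehook\n"
    "    DllName    REG_SZ    C:\\WINDOWS\\system32\\crypt32chain.dll\n"
)

def parse_notify(text):
    """Return {subkey name: DllName data} for each subkey under Winlogon\\Notify."""
    entries, current = {}, None
    prefix = NOTIFY.upper() + "\\"
    for line in text.splitlines():
        if line.upper().startswith(prefix):
            current = line[len(prefix):].strip()
        elif line.startswith("HKEY_"):
            current = None  # the Notify key itself, or a key outside it
        elif current and line.strip():
            # Value lines are "name  type  data", separated by tabs or runs of spaces.
            parts = re.split(r"\s{2,}|\t", line.strip(), maxsplit=2)
            if len(parts) == 3 and parts[0].lower() == "dllname":
                entries[current] = parts[2]
    return entries

def classify(subkey, dll_name):
    """Apply the thread's rule to one Notify entry."""
    folder, base = ntpath.split(dll_name.lower())
    if base == "crypt32chain.dll":
        return "suspicious"  # a real file with the registry key's name
    # Simplification: a bare name or any folder named system32 counts as the system copy.
    in_system32 = folder == "" or ntpath.basename(folder) == "system32"
    if subkey.lower() == "crypt32chain" and base == "crypt32.dll" and in_system32:
        return "expected"
    return "review"  # not covered by the rule; check the full path by hand

def triage(text):
    return {name: classify(name, dll) for name, dll in parse_notify(text).items()}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE).items():
        print(f"{name}: {verdict}")
```

A "review" result only means the thread's rule does not decide the entry; the full path shown by Process Explorer, as doG suggests, is the next thing to look at.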