
crypt32chain on new Windows install - spyware?


-Demosthenes-


I just re-installed Windows, downloaded a few programs (iTunes, Firefox, Google Earth, Spybot, and Ad-Aware) and updated. I was looking through the processes to get rid of the usuals at startup, like QuickTime. I ran into an odd one: crypt32chain, so I googled it. Everyone says that it's spyware, on a brand new install?


IIRC, crypt32.dll is something to do with NT encryption -- it's started by winlogon, and the registry key that starts it (under winlogon/notify) is called crypt32chain.

So... if you have a file called crypt32.dll that's referred to in the startup monitor as crypt32chain, it's fine.

If you have an actual file called crypt32chain.dll, it's a trojan, trying to spoof the legitimate file.


Install Sysinternals Process Explorer. Run it to see what processes are running and what processes own them. Pausing your cursor over each process will show the complete path so that you can locate it. Crypt32chain.dll is a trojan. Kill it and the process that owns it. Delete it from the system at the path given.

If it's a trojan, it may be harder to delete than one might think. After deleting it, reboot your machine to see if it returns. Some trojan variants will store a copy of themselves somewhere else on the machine in order to restore themselves when you reboot. This is usually handled by some registry entry. If this happens, install a copy of Regmon, enable the boot logger and reboot. It will write a log file of all the registry processes executed during boot so you can track down what regkeys are restoring it.

 

HTH,


  • 3 years later...

After you posted the subject I was curious, and the file that runs is crypt32.dll. Just to be sure, I checked the file with KIS 7. Nothing. So it must be a Windows file.

Edited by Pangloss
post approved by mod, site link appears to be legit
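
Added example, not part of any post in this thread: a PowerShell check for the distinction drawn in the second reply, between a registry key named crypt32chain that loads crypt32.dll and a file actually named crypt32chain.dll. It assumes the full key path `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify` and a `DllName` value under each subkey; the thread itself only names "winlogon/notify".

```powershell
# Added example: list Winlogon notification packages and flag the spoofed DLL name.
# Assumption: "winlogon/notify" in the thread is this key, and each subkey
# stores its DLL in a DllName value (Windows 2000/XP-era layout).
$notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
$sys32  = Join-Path $env:SystemRoot 'System32'

if (-not (Test-Path $notify)) {
    Write-Output 'Winlogon\Notify key not present on this system.'
    return
}

$report = foreach ($key in Get-ChildItem $notify) {
    $dll = (Get-ItemProperty $key.PSPath).DllName
    if (-not $dll) { continue }

    # DllName can be a bare file name (loaded from System32) or a full path.
    $path = [Environment]::ExpandEnvironmentVariables($dll)
    if (-not [IO.Path]::IsPathRooted($path)) { $path = Join-Path $sys32 $path }
    $leaf = Split-Path $path -Leaf

    $company = $null
    if (Test-Path $path) { $company = (Get-Item $path).VersionInfo.CompanyName }

    # The thread's rule: key "crypt32chain" -> file crypt32.dll is normal;
    # a file actually named crypt32chain.dll is the spoof.
    $verdict = 'review'
    if ($leaf -eq 'crypt32chain.dll') {
        $verdict = 'SUSPICIOUS: file named crypt32chain.dll'
    } elseif ($key.PSChildName -eq 'crypt32chain' -and
              $path -eq (Join-Path $sys32 'crypt32.dll')) {
        $verdict = 'expected: crypt32chain key -> System32\crypt32.dll'
    }

    New-Object PSObject -Property @{
        Key = $key.PSChildName; Path = $path; Company = $company; Verdict = $verdict
    }
}
$report | Select-Object Key, Path, Company, Verdict | Format-Table -AutoSize

# Independent of the registry: does the spoofed file name exist on disk?
$spoof = Join-Path $sys32 'crypt32chain.dll'
if (Test-Path $spoof) { Write-Output "Found $spoof - investigate before deleting." }
```

The Company column comes from the file's version resource, which any file can set, so treat it as a hint and confirm with a scanner or a known-good copy.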