Educause Security Discussion mailing list archives

Re: kraes.dll

From: Tom Gerstner <TGerstner () PATS RUTGERS EDU>
Date: Thu, 22 Jul 2004 09:28:53 -0400

Have you tried running HijackThis? Look for a BHO with that setting. 

Tom Gerstner

Rutgers University

Unit Computing Specialist

Office 1-732-932-2554

Cell-1-848-565-1163


-----Original Message-----
From: Nathan Hall [mailto:hallnk () ONEONTA EDU] 
Sent: Thursday, July 22, 2004 7:57 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] kraes.dll

I believe this is a randomly named .dll. Try searching for it's effects:
resetting the homepage to res://???.dll/index.html. Searching for this
info I found the following information which may be helpful:
http://www.pchell.com/support/onlythebest.shtml,
http://www.pchell.com/support/lookfor.shtml. 


-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Edward Chase
Sent: Wednesday, July 21, 2004 3:33 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] kraes.dll

I'm looking for information on a file named:

c:\windows\kraes.dll

I've run across a machine that's got some internet weirdness going on.
It's
been virused checked, it been run through Ad-adware and Spybot.  It's
been Windows updated and it's been firewalled.  All have been done AFTER
the weirdness started.

The machine keeps wanting to set it's homepage to
res://kraes.dll/index.html (followed by ? and some number which I
forget)

I did find the file above and manually deleted it, yet it somehow came
back.

The machine is Windows XP Home.

I can't find anything via Google.

Anybody heard of this?


--
Edward Chase
Providence College
Information Technology 

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

kraes.dll Edward Chase (Jul 21)
- <Possible follow-ups>
- Re: kraes.dll Clyde Hoadley (Jul 21)
- Re: kraes.dll Nathan Hall (Jul 22)
- Re: kraes.dll Tom Gerstner (Jul 22)
- Re: kraes.dll Young, Beth A. (Jul 22)
- Re: kraes.dll Laura A. Pokalsky (Jul 22)