A forum for reverse engineering, OS internals and malware analysis 

 #19865  by TETYYSs
 Sat Jun 29, 2013 7:25 am
I found this DLL named dll.dll in my %SystemRoot%\W7FBC folder, and this DLL was injected into my explorer.exe, can someone tell is it malware? Also attaching 2 .reg files which were in W7FBC.
Attachments
passwd: infected
(85.93 KiB) Downloaded 30 times
 #19871  by R136a1
 Sat Jun 29, 2013 12:53 pm
You probably used this tool: http://www.thewindowsclub.com/windows-7 ... r-released

Windows 7 Folder Background Changer is just a GUI frontend for the Vista Folder Background. The author just deleted the 2 resources "VERSION" and "DIALOG" from the original DLL, thus looking like he is the coder (lousy attempt).

Or in other words: The author of Windows 7 Folder Background Changer (Kishan) is just a stupid stealer trying to be cool coder. ;-)