dwmapi.dl [RESOLVED]

[Guest]

[grayhair]

   Not sure if this is the right forum catagory for this, but here goes.  On one of my Vista's I keep getting a CFP warning window about iexplorer wanting to install dwmapi.dl (that's .dl, not .dll). When I click the highlighted link no detail window comes up.  I keep blocking it, but it wants to install whenever I start the Internet.  I have done some searching as to what dwmapi.dl is, but not much luck.  Any one know what this is?

[Matty_R]

Hi greyhair,

https://forums.comodo.com/help_for_v3/problems_with_msctfdl-t19884.0.html

This seems to be coming up a lot recently.No explanation yet,sorry.

Matty

sorry i`m getting old 

[Kyle]

Matty, your link takes us back to this thread lol.

Is Dwmapi.dl a safe file? If your not sure, you can always check with     www.virustotal.com

[grayhair]

   Thanks for the replies (so far).  I would submit the file to virustotal, however I cannot locate the file on the computer.  The CFP window does say that "iexplorer wants to INSTALL dwmapi.dl," so I suspect that some other app/program/file wants to install this .dl.  The fact that the extension is .dl, and not .dll is a little creepy, and that no CFP detail window will open on the link.  I have a feeling this is not a legit file.

[Matty_R]

Edited above post

[BNAMack]

This dll is the Desktop Windows Manager API   (dwmapi.dll).  It is integral to Vista effects such as the aero-glass effect, menu & window animation, scaling, etc --  so a lot of programs seem to call this function; and Commodo will spout a pop-up warning at each instance. 

Find the MSDN entry on this here: http://msdn.microsoft.com/en-us/library/aa969540.aspx

I'm not sure why CFP has started complaining about this function - I only started getting the pop-ups after latest version update. But the function in question is safe and necessary.

[Therealjobe]

[at]BNAMack...


Go back and read the thread. This is .dl not .dll.

I got it for the first time today as well. When I visit 1 particular site that attempts to integrate the WMP to run videos on their site.

I think this is bad news...

Do Comodo employees ever come out here and answer questions?

[Therealjobe]

An update, COMODO reports the file is in the winsys32\ directory. However, if you go to look for that file its not there. I am suspecting 1 of 2 things. 1 Its rootkited, 2. Its only placed there during the request.

I would like to see if it is visible during the time the COMODO action prompt is waiting. However, I told COMODO to block it every time it comes up. Now I cant figure out how to unblock it so the action prompt will come up again... any idea?

[Kyle]

When I visit 1 particular site that attempts to integrate the WMP to run videos on their site.

I think this is bad news...

You tried to watch a video online, It asked to install something? Can you please send me a link VIA private message.
I would almost bet that this is the cause..

[Therealjobe]

I'll be more than happy to. I dont want to come across as I know for sure that site is related, as I dont want to be considered slanderous.

Let me add this too to see if we can begin to find a common thread.

I just rebuilt my PC today too, post finding this issue. It was more important for me to protect my data then crack the case.

So before I was running Vista 32 Home Prem
Now I am running Vista 32 Ultimate, both are legit licensed.

The new Ultimate build is still fairly bare bones.
I formated all physical drives
I have COMODO and AVAST
FireFox3
All available Windows updates
Latest Nvidia drivers and the same for my X-fi drivers.
I have WoW installed with all the current patches.
 I also installed the latest flash plugin.

Unlike the situation before I now get the warning pop-up when IE is launched and attempts to pull up google.com
At this time its easier for me to rebuild my machine one more time, post flashing the onboard BIOS in the event somethig nasty is in there.

If it persist beyond that I would have to think this is a serious hack that would have been publicized by now, or just a buggy situation with Vista runing some funky functions.

[Therealjobe]

Just an FYI I had stated earlier that I had hoped to see if the file was present in the file structure while the comodo prompt is up. Since I am getting it again on the new system I had a chance to check. It was not present as far as I could tell.

[Kyle]

Is this what you saw?

EDIT: This may very well be a legit codec, How ever if some of you noticed that this appeared before\during the infection, please post it.

[Kyle]

Hello, Try this -
Next time you get the pop up go to
Comodo Firewall Pro -> Defense+ -> View Active Process List.    If you see anything suspicious, Right click on it - Terminate and Quarantine. (Make sure it's not an important windows file..Might cause some trouble if it is)

[PHatDriver]

Hello everyone,

I'm new here, yes and I'm not sure if you don't mind me saying I have the same problem with this file:
"dwmapi.dl" < yes with ONE "L"

Been looking for answers too (yet to find anything) as COMODO keeps asking me to block or allow for nearly EVERY program I run; MSN, OUTLOOK, WORD, etc... Not sure if thats a pattern.

I block it for every program and they all seem to run fine...

As mention up the page a bit, when I try to examine the file or send IT'S NOT THERE and it's NOT anywhere (search wise) on my system! Not in task man, system32... NOTHING...

This file is starting to freak me out.

Thanx for reading and I hope my butting in is okay seeing as we are all talking about the same problem.  

Running Windows Vista Ultimate with all updates.

[Sir Joe]

Me too.
I have formatted the notebook, so all is new. No strange things installed. Just the Microsoft Silverlight.
I am downloading the standalone SP1, so, no windows update done yet.
I have the message for IE, Firefox, WMP...
By the way, what is a "hook"?
Mmm, I do not want bad things to install now.
Someone please discover out what the hell is that 

[Tags:]