Shell32.dll Unrecognized file

I am getting a pop-up and an unrecognzed file with shell32.dll and I was not able to upload it to Comodo because it’s too big. Is that safe to remove or should I place that in the Sandbox as Limited?

Is it advisable to do that(placing it in Sandbox as Limited application)…?

Thank you.

That thing was modified in some way or form…
If you delete that, bye bye computer…
Do this

Restart your computer.
Report back the results.
In the meantime, sandbox this one…

@ GakunGak,

Thank you. I will checkout the links and will get back. One thing, I answered “Sandbox” to the pop-up but when I checked the Always Sandbox it was not there. There was no option to place it in the Sandbox again so I placed it in Blocked files. Does removing it from the Blocked Files throws the pop-up again.


It should, and also check in Defense+>My Security Policy is something there for that file, any rule or something. Also check Always Sandbox tab…

Are you using some type of theme pack that changes how Windows looks? That can adapt the shell32.dll if I am not mistaken. What Windows version are you on?

I’m looking-in here for a different reason: I get shell32.dll pop-ups sometimes when coming-out of Hibernate. Don’t use any special theme pack but I do have Aero and 2560x1600 backgrounds custom-selected.

I’m gonna surf on this “adapt the shell32.dll” idea but if anyone has pertinent details by all means share…

Back on XP days, it was related to “theme patcher” thing…
Dunno how it’s done on 7…
The thing is, some program you installed might have modified the original microsoft file…
Did you do the sfc scannow thing?

There are a number of utilities floating around to patch Windows 7 for adding customised themes, I’ve always used Universal Theme Patcher but any of them will do the job.

Typically, these utilities patch several files:


Once patched, the system is ready to apply custom themes, many of which can be found on places like Deviantart, or A lot of themes are fairly simple and similar to their XP counterparts, some, however, also add replacements for certain system files, such as:


There are various methods used to replace these files, such as manually taking ownership and replacing the file, or simply using a utility, such as:

Windows Theme Installer

It’s also possible, and in some cases quite desirable to modify files like shell32.dll with utilities like Resource Hacker Doing this allows one to change things like icons.

On another tac, there have been quite a few posts regarding D+ and shell32.dll, so it may be worth searching the forums for related threads. Here’s a couple:

shell32.dll could not be recognized
Windows Shell Common DLL

Thanks for the feedback, guys. I’ve not patched anything and the first other thread from Radaghast pointed me towards a mouse1 utility to check my shell32.dll signature, and both the one in system32 and the one in sysWOW64 check-out as Signed/verified.

Thanks again–sorry for the distraction malick1976!

Can you do me a favor?
Do a free scan from here

Print screen the results and attach here as JPG
I am curious about something

– Sorry for the late reply. Yes I am using one from BricoPack. This is in an XP SP3 machine. In W7 (without any theme patcher)it also pops-up. I’m all okay with W7.

Can you do me a favor? Do a free scan from here Print screen the results and attach here as JPG I am curious about something
-- Will do later.

– Thank you for the links. Will read later.

Thanks again--sorry for the distraction malick1976!
-- It's okay. Your interaction here will help members because your experience is most welcome.

I had difficulty with the reimage application yesterday as it was not a standalone installer and it seems to download like forever. Other application like TrueCrypt and the new Firefox build was not so. I am in the office now and I’ll try again when I get home.

Since this is on XP SP3 due to the BricoPack theme, is it safe to allow it or I’ll let it remain in the CIS sandbox? For how long…? Or is there a rule that I should create for this BricoPack theme so I won’t need to let it stay sandboxed…?

I have read some at the link that there was a rule created there…what maybe a safe rule to do…?



Because it was patched by a theme, I would say with high confidence it is safe to allow that file outside sandbox.
That’s what I would do…


Okay I will allow it now. Thank you. I’ll also keep reimage.exe might be usefull :slight_smile:

Thanks for the assistance here.


Glad we could help, here @ Comodo family we always look out to help people in any way we possibly can :-TU
If you have any other questions, do ask and someone shall always respond!

Great knowledge here! You guys rock hard!