Which module created a specific file?
-
Whenever I plug a USB mass driver into my PC, an autorun.inf file is created. When I monitored the running processes to determine which of them is doing so, I realized that even if I kill that process, another process begins to create that damn file again. I guessed there is a DLL which is injected into all processes running on my PC. Now I can't find out which module is doing all these functions ... one more thing: does anyone know umdmxfrm.dll?
Thank you masters!
-
Actually, this is usually the behaviour of some viruses. The running process won't show the real process in Task Manager, for example in the case of ZPharaoh.exe (ZPharoah), where you cannot even tell which process is injecting the code, since it destroys all the EXEs on the machine by infecting them with itself. These viruses first take over your registry and remove your access to it, along with msconfig and Task Manager. Your guess is correct. If you want to create an antivirus patch, then just API hook (API Hooking (LoadLibrary)) the CreateProcess API to see which processes are created. You have to hook those APIs at startup, since some viruses hook the APIs before you. umdmxfrm.dll (http://www.file.net/process/umdmxfrm.dll.html). So what you can do is use a good antivirus.
Greatness that is not of God can be underestimated.
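A way to test the question's guess that one DLL is loaded into every process, as an added example that is not part of any post in this thread: the script counts how many readable processes map each DLL and lists the widely shared ones outside the Windows directory with their Authenticode status. The 0.8 threshold and the Windows-directory filter are assumptions chosen to cut noise.

```powershell
# Added example (not from the thread): list DLLs mapped into most processes.
# Run from an elevated prompt so that more processes are readable.
$threshold = 0.8   # assumed cut-off: share of readable processes
$counts    = @{}   # DLL path -> number of processes that loaded it
$readable  = 0

foreach ($p in Get-Process) {
    try   { $mods = @($p.Modules | Where-Object { $_.FileName -like '*.dll' }) }
    catch { continue }                  # protected or already exited process
    if ($mods.Count -eq 0) { continue } # nothing readable for this process
    $readable++
    foreach ($path in ($mods.FileName | Sort-Object -Unique)) {
        $counts[$path] = 1 + [int]$counts[$path]
    }
}

$counts.GetEnumerator() |
    Where-Object { $_.Value / $readable -ge $threshold -and
                   $_.Key -notlike "$env:windir\*" } |
    ForEach-Object {
        [pscustomobject]@{
            Path      = $_.Key
            Processes = $_.Value
            Signature = (Get-AuthenticodeSignature -LiteralPath $_.Key).Status
        }
    } | Sort-Object Processes -Descending | Format-Table -AutoSize
```

Security products and overlay tools also load a DLL into most processes, so a hit is a lead to investigate rather than a verdict. Remove the Windows-directory filter to review system paths as well.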
-
This board is for programming queries specific to C/C++/MFC.
It is a crappy thing, but it's life -^ Carlo Pallini