- Mar 6, 2019
- 438
- 634
did you "install & run" the tool to wrong path and made the winmm.dll Or version.dll and "injectpath" persist in the 'PATH', Or something will loaded to a Services?So I wanted to rename the folder that Mtool is located in and I can't because it says there's a process open.
I tried checking task manager and didn't find anything, so I went into Resource Monitor and there's a program running called "svchost.exe (LocalService -p)".
I tried ending it through Resource Monitor and every time I do it restarts because I still can't rename the folder. I refresh Windows Explorer, go back into Resource Monitor for another search and it's back up.
Any advice in regards to closing this so I can rename this folder? If I can't figure this out I might just nuke the whole thing because having an unknown zombie program running is setting off alarm bells in my brain.
If not, maybe antivirus block and held the file will also get this problem. (move it to the whitelist may not work with some antivirus, It only allow the file to run, but It will still hold it.)
Special case: mv/mz/tyrano's tools hook the "CreateProcessW", so the processes started with them are continuously injected into the child processes.
So something is being injected with the start-up.
(The hook is because Chrome is multi-process and only hooking the main process does not do the job of inject tool.)
Worst case: you have a game with a virus, you install a tool on the game, and since the tool is automatically loaded by "version.dll" or "winmm.dll" in the same directory with all programs, so they are loaded at the same time the file is loaded, it doesn't do anything, but the file is used.
(It can be associated with special cases.)
If some file is holding by others, you should not be able update the tool either. (because it's holding files)
so since everyone can update It, it can be clearly shows there's no virus in the tool like you are showing.
Normally you should find out which files are occupied (delete them one by one), and determine the final problem.
(The file should be "loaders/????Hook.dll")
Some document:
You must be registered to see the links
In any case, if the file is already occupied you will have a hard time dealing with the problem.
You need to find the " injectPath " file where it was called and delete it.
Then end the process.
Then you can delete the tool.
But the problem is that together with the winmm.dll or version.dll it is still occupied.
(Although it is a copied file, it does not affect the tool but it is still loaded, But you will get a ErrorMesageBox with a "E" showing up when it startup.)
I don't think you can install the tool under C:\Windows\SysWOW64 or C:\Windows\System32, so it's possible that you installed the tool in a path inside the PATH variable.
(But this is not likely, because if so, most of the programs on your computer will be injected by winmm/version .dll)
To be honest your problem is confusing.
Anyway, it's hard to determine what problem you are facing.
I'd need remote assistance to be sure of the problem, but I don't think you'd trust me.
If you would like to get remote assistance from me, join this Discord server to contact.
You must be registered to see the links
Last edited: