none
Red entries in KnownDLLs RRS feed

  • Question

  • Hi,

    I've run Autoruns for the first time in my system (Windows 10 Pro) and have noticed there are some red entries in the "KnownDLLs" section:

    wow64cpu.dll

    wowarmhw.dll

    xtajit.dll

    wow64.dll

    wow64win.dll

    As far as I understand it, these should be genuine Microsoft DLLs, but they seem to be unsigned. I can't check them with VirusTotal since I can't find them in my system. I've also just finished running several malware scans and other similar software on my computer and my machine seems to be clean. Should I be concerned about these entries? Can anyone check their own 'KnownDLLs' entries and let me know if it's normal for them to be unsigned?



    • Edited by esunaga Saturday, August 24, 2019 4:44 AM
    Saturday, August 24, 2019 2:47 AM

Answers

  • If by "red entries" you means they are highlighted in red, this is correct, because of the annoying problems related to the folders system32 and syswow64 when you run Autoruns64..

    As you can see the registry key doesn't specify a path where to look for the dlls.. so Autoruns tries both system32 and syswow64.. some dll are missing from the system32 path because they are 32 bit and so are in the syswow64 folder, while others are 64 bit and are in the system32 folder.. so if this is your problem, then it is correct and not a problem..

    HTH
    -mario

    • Marked as answer by esunaga Saturday, August 24, 2019 6:54 AM
    Saturday, August 24, 2019 6:42 AM

All replies

  • If by "red entries" you means they are highlighted in red, this is correct, because of the annoying problems related to the folders system32 and syswow64 when you run Autoruns64..

    As you can see the registry key doesn't specify a path where to look for the dlls.. so Autoruns tries both system32 and syswow64.. some dll are missing from the system32 path because they are 32 bit and so are in the syswow64 folder, while others are 64 bit and are in the system32 folder.. so if this is your problem, then it is correct and not a problem..

    HTH
    -mario

    • Marked as answer by esunaga Saturday, August 24, 2019 6:54 AM
    Saturday, August 24, 2019 6:42 AM
  • Yes, this is what I meant! Thanks for explaining it to me.
    Saturday, August 24, 2019 6:56 AM
  • There are now also some entries related to Windows on ARM which are not in either System32 or SysWOW64 on an x64 system.
    Saturday, August 24, 2019 11:30 AM
  • Yes, because the windows source is common now.. you will get them on an ARM system..

    -mario

    Saturday, August 24, 2019 12:30 PM