And you said my "server"?? If that is some internet server you must check your logs to find how someone hack in!
And a little note for SlippyG
at the end of this post.
And complete solution at the end of that post too
)
Hmm here is a little information for u:
This Registry hack is valid for all Windows 95, OSR 2.x, 98, 98 SE and ME releases. Applies also to Windows NT4, 2000 and XP, but ONLY for 32-bit DLLs, NOT for old(er) 16-bit DLLs.
Windows OS does NOT always unload opened DLLs (Dynamic Link Libraries) used by programs/games from memory (where they are cached for faster execution), upon closing the respective application (default action), therefore keeping unused DLLs in the memory buffer much longer than necessary, even after their programs closed, thus slowing down system performance, because over time the amount of RAM dedicated to holding them grows gradually as more apps are opened.
To fix this, start Regedit and go to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\AlwaysUnloadDll
In the right hand pane look for the "(Default)" String [REG_SZ] value. Make sure its value is 1.
If not present, create a new Registry subkey: highlight the "explorer" subkey (see above) -> right-click in the left hand pane -> select New -> Key -> type AlwaysUnloadDll -> hit Enter -> highlight the new "AlwaysUnloadDll" subkey -> double-click on the "(Default)" String Value in the right hand pane -> type 1 -> click OK or hit Enter.
The caveat is that certain (especially older and/or 16-bit) Windows programs might "complain" by issuing error messages [like Invalid Page Faults (IPFs)], or even crashing the entire system (Win9x/ME only) when this option is turned on.
But you can turn it off: delete the "AlwaysUnloadDll" Registry subkey.
If you haven't experienced such errors/lockups, you can leave it on, because this setting speeds up GUI operation a bit, by freeing chunks of unused RAM and returning it to the system.
Close the Registry Editor when done and restart Windows for the change to take effect.
Also you can try Debugging with the Shell :
To debug your extension, you need to execute the Shell from the debugger. Follow these steps:
Load the extension's project into the debugger, but do not run it.
From the Start menu on the Microsoft® Windows® taskbar, choose Shut Down.
Press CTRL+ALT+SHIFT, and click No in the Shut Down Windows dialog box. On Windows 2000, click Cancel instead of No. The Shell is now shut down, but all other applications are still running, including the debugger.
Set the debugger to run the extension DLL with Explorer.exe from the Windows directory.
Run the project from the debugger. The Shell will start up as usual, but the debugger will be attached to the Shell's process.
Running and Testing Shell Extensions on Windows NT
You can run and test your Microsoft Windows NT® extensions in a separate Windows Explorer process to avoid stopping and restarting the desktop and taskbar. Your desktop and taskbar can still be used while you run and test the extensions.
To enable this feature, add the following value to the registry.
HKEY_CURRENT_USER
Software
Microsoft
Windows
CurrentVersion
Explorer
DesktopProcess (REG_DWORD)= 1
For this value to take effect, you must log off and log on again. This setting causes the desktop and taskbar windows to be created in one Explorer.exe process, and all other Explorer and folder windows to be opened in a different Explorer.exe process.
In addition to making running and testing your extensions more convenient, this setting also makes the desktop more robust as it relates to Shell extensions. Many such extensions (shortcut menu extensions, for example) will be loaded into the nondesktop Explorer.exe process. If this process terminates, the desktop and taskbar will be unaffected, and the next Explorer or folder window will re-create the terminated process.
Unloading the DLL
The Shell automatically unloads a DLL when its usage count is zero, but only after the DLL has not been used for a period of time. This inactive period might be unacceptably long at times, especially when a Shell extension DLL is being debugged. For operating systems prior to Windows 2000, you can shorten the inactive period by adding the following information to the registry.
HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
CurrentVersion
Explorer
AlwaysUnloadDll
And as all some DLLs are stay-resident DLLs: they get loaded and stay loaded. Others get loaded when they're called and unloaded after. It's up to the DLL developer whether or not their DLL should be stay-resident.
Solution for removing WinEggDrop:
Kill these running processes with Task Manager:
editserver.exe
injectt.exe
wineggdropshell.exe
wineggdropshellnew.exe
Unregister these DLLs with Regsvr32, then reboot:
tback.dll
Remove these files (if present) with Windows Explorer:
editserver.exe
editserverreadme.txt
injectt.exe
readme.txt
readmenow.txt
tback.dll
wineggdropshell.exe
wineggdropshellnew.exe
Hmm goes to SlippyG
Quote:"
There are various tools around. Try ProcessExplorer or others. You never said which operating system you are on so I cannot advise you on which is best. Googling for tool "unload dlls" will return plenty of hits.
Indeed, you should realy have looked there before posting here."
ProcessExplorer is for killing app not dll
) And so help that gay not tell him just search google! Search google is answer of someone who can't or do not want to help
BN: You are correct; we don't want to help those who can help themselves. No one wants to read posts about questions that are easily resolved through a 2-second search. Also, it's in the RULES: do the search yourself before posting.
By the way, to quote someone, copy the text you want to quote, click reply, click the QUOTE button, paste the text, press QUOTE again.
dll
