Posted by Stefan Kanthak on Jan 05

Hi @ll,

quite some utilities offered for free by Kaspersky Lab load and execute
rogue/bogus DLLs (UXTheme.dll, HNetCfg.dll, RichEd20.dll, RASAdHlp.dll,
SetupAPI.dll, ClbCatQ.dll, XPSP2Res.dll, CryptNet.dll, OLEAcc.dll etc.)
eventually found in the directory they are started from (the “application
directory”).

For software downloaded with a web browser the application directory is
typically the user’s “Downloads”…