xmltok.dll and Spyware

Discussion in 'Malware Help (A Specialist Will Reply)' started by Robert, Feb 25, 2005.

  1. Robert

    Robert Sergeant

    Hiya Everyone,
    I managed to acquire a nasty called SAHAgent_.exe which is spyware and which I pulled out with the aid of Ad-Aware. Went to google for more info and found that bundle.exe and xmltok.dll are associated. Bundle.exe is no longer present but xmltok.dll still resides in my system32 folder.
    Its properties tell me nil about it and a google doesn't come up with much either. Question - do I need it - or if I delete it what will be the effect on the system (XP Pro). Grateful for any advice or leads that I have not been able to track down.
    Cheers All
    Robert
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT


    We are very busy here at MajorGeeks.Com. PhilliePhan, Chaslang or myself will check back when time permits!
     
  3. Robert

    Robert Sergeant

    Thank You but I had already downloaded that excellent advice ages ago and filed it under "Removing Nasties" and indeed followed the salient bits of that advice before I raised this issue. As I said Ad-Aware picked it up and broke its heart. The remains were fairly easy to destroy aided by the guide previously mentioned plus some other info I obtained by going googling. I use Opera7 and/or Firefox and I assume SAHAgent is a piece of nastiness specifically arrowed at IE6 which I don't use.
    My question is "What is the purpose of xmltok.dll - do I need to retain it - is it only associated with spy/malware or does it have a legitimate reason for living?".
    OnYa Geeks - You're a great bunch!
    Regards
    Robert
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If you would like to post a current HJT log to confirm you're clean feel free to. As far as the xmltok.dll goes, it's a library file used to get encoding and create tokens for the XSLT (Extensible Stylesheet Language Transformations) engine for further processing.
     
  5. Robert

    Robert Sergeant

    Thanks for that. With that knowledge I'll do some further reading. As to HJ - I won't bother you further unless I have missed something and bombs start going off all over the desktop. And thanks for the prompt responses!
    Cheers from a hot Canberra Summer
    Robert
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    It's fine, I'm sitting here bored anyway. If you like you can post a HJT log.
     
