
help msdirectx.sys


TAP:
This malware may use a rootkit technique to hide itself. You can
use F-Secure BlackLight Beta to scan, and if it finds something like these:

msdirectx.sys
mssl32.exe
Mqsq132.exe
SSL32Dr.exe

then rename them and reboot the system, so the hidden files should become visible.

http://www.f-secure.com/blacklight/try.shtml

lightboy:
I just installed and ran Kaspersky AV and it seems to have sorted it ...

lee16:
Hi

About your log, remove these:

O4 - HKLM\..\Run: [Microsoft Windows Update] scvvhost.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\RunServices: [Microsoft Windows Update] scvvhost.exe
O4 - HKLM\..\RunOnce: [Microsoft Windows Update] scvvhost.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] scvvhost.exe
O4 - HKCU\..\RunOnce: [Microsoft Windows Update] scvvhost.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111614934515

Also, I see more than one anti-virus on your system; this is a bad idea as they will conflict.

Also, I see no firewall on that system; ZoneAlarm (free) is a good start: http://download.zonelabs.com/bin/free/1012_zl/zlsSetup_55_062_011.exe

--lee

whocares:
Hi Lee & lightboy,

these:
O4 - HKLM\..\Run: [Norton Updater] navupdtr.exe
O4 - HKLM\..\RunServices: [Norton Updater] navupdtr.exe
O4 - HKCU\..\Run: [Norton Updater] navupdtr.exe
O4 - HKCU\..\RunServices: [Norton Updater] navupdtr.exe

are most probably not from Norton, but rather from the SDBOT worm, which dropped the rootkit:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FSDBOT%2EAXV&VSect=T

I'd advise flattening the system and setting up from scratch, as it's compromised and not secure anymore:
- data backup
- format C:
- reinstall Windows WITHOUT going online
- Apply XP Service Pack 2 before EVER going online, or only behind a properly configured firewall (which needs to be installed offline, too)

- take some more care to secure your system

- change all your passwords, PINs, Online-banking/-shopping data

Read the 2nd part of the "VirusRemoval" link below for more info ;)
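The O4 entries lee16 and whocares single out share two tells: an executable name that imitates a Windows binary (scvvhost.exe vs svchost.exe) and a bare filename, with no directory, registered under several Run/RunServices/RunOnce keys at once. The script below is an added example, not code from the thread or from HijackThis; it parses O4 lines and applies those heuristics. The sample log is the O4 lines quoted above plus one constructed clean entry (a Java updater with a full path), and the list of Windows system binaries is an assumed, illustrative one.

```python
"""Heuristic triage of HijackThis O4 (autorun) lines.

Added example, not code from the thread or from HijackThis.  It flags
what the posters above relied on: an executable name one or two
keystrokes away from a real Windows binary, a command with no directory
(so it is found via PATH search, typical of a dropped file), and one
name registered under many autorun keys at once.
"""
import re
from collections import defaultdict

# Sample input: the O4 lines quoted in the thread, plus one constructed
# clean entry (jusched.exe) with a full path, so something passes.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Microsoft Windows Update] scvvhost.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\RunServices: [Microsoft Windows Update] scvvhost.exe
O4 - HKLM\..\RunOnce: [Microsoft Windows Update] scvvhost.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] scvvhost.exe
O4 - HKCU\..\RunOnce: [Microsoft Windows Update] scvvhost.exe
O4 - HKLM\..\Run: [Norton Updater] navupdtr.exe
O4 - HKLM\..\RunServices: [Norton Updater] navupdtr.exe
O4 - HKCU\..\Run: [Norton Updater] navupdtr.exe
O4 - HKCU\..\RunServices: [Norton Updater] navupdtr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
"""

# Assumed, illustrative list of genuine Windows binaries that malware
# likes to imitate; a real tool would carry a much longer list.
SYSTEM_BINARIES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
    "services.exe", "explorer.exe", "spoolsv.exe", "rundll32.exe", "wuauclt.exe",
}

O4_RE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")


def levenshtein(a, b):
    """Edit distance, used to spot names a keystroke or two from a real one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_o4(line):
    """Split one O4 line into hive, key, label and the executable it runs."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, label, command = m.groups()
    if command.startswith('"'):                 # quoted path, then arguments
        exe = command[1:command.index('"', 1)]
    else:                                       # first whitespace-separated token
        exe = command.split()[0] if command.split() else ""
    basename = re.split(r"[\\/]", exe)[-1].lower()
    return {"hive": hive, "key": key, "label": label, "exe": exe,
            "basename": basename, "has_path": ("\\" in exe or "/" in exe)}


def triage(log_text):
    """Return {basename: [reasons]} for every autorun entry that looks suspicious."""
    entries = [e for e in (parse_o4(l) for l in log_text.splitlines()) if e]
    locations = defaultdict(set)                # basename -> {(hive, key)}
    for e in entries:
        locations[e["basename"]].add((e["hive"], e["key"]))

    findings = defaultdict(list)
    for e in entries:
        name = e["basename"]
        reasons = []
        if name not in SYSTEM_BINARIES:         # the real one is never a lookalike
            stem = name.rsplit(".", 1)[0]
            for legit in sorted(SYSTEM_BINARIES):
                if levenshtein(stem, legit.rsplit(".", 1)[0]) <= 2:
                    reasons.append(f"lookalike of {legit}")
        if not e["has_path"]:
            reasons.append("no directory in command (found via PATH search, typical of a dropped file)")
        if len(locations[name]) >= 3:
            reasons.append(f"registered in {len(locations[name])} autorun locations")
        for r in reasons:
            if r not in findings[name]:
                findings[name].append(r)
    return dict(findings)


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

On the sample log this flags scvvhost.exe (lookalike of svchost.exe, no path, five autorun locations) and navupdtr.exe (no path, four locations), and leaves the full-path entries alone. The thresholds are heuristics to tune against a known-clean log; a name that trips several of them at once is what to look at first.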
