help msdirectx.sys
TAP:
This malware may use Rootkit technique to hide itself, you can
use F-Secure BlackLight Beta to scan and if it finds something like these
msdirectx.sys
mssl32.exe
Mqsq132.exe
SSL32Dr.exe
then rename them and reboot the system so the hidden files should be visible.
http://www.f-secure.com/blacklight/try.shtml
lightboy:
I just installed and ran Kaspersky AV and it seems to have sorted it ...
lee16:
Hi
About your log, remove these:
O4 - HKLM\..\Run: [Microsoft Windows Update] scvvhost.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [Microsoft Windows Update] scvvhost.exe
O4 - HKLM\..\RunOnce: [Microsoft Windows Update] scvvhost.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] scvvhost.exe
O4 - HKCU\..\RunOnce: [Microsoft Windows Update] scvvhost.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111614934515
Also I see more than one anti-virus on your system, this is a bad idea as they will conflict.
Also I see no firewall on that system, ZoneAlarm (free) is a good start: http://download.zonelabs.com/bin/free/1012_zl/zlsSetup_55_062_011.exe
--lee
whocares:
Hi Lee & lightboy,
these:
O4 - HKLM\..\Run: [Norton Updater] navupdtr.exe
O4 - HKLM\..\RunServices: [Norton Updater] navupdtr.exe
O4 - HKCU\..\Run: [Norton Updater] navupdtr.exe
O4 - HKCU\..\RunServices: [Norton Updater] navupdtr.exe
are most probably not from NORTON, but rather from the SDBOT-Worm, which dropped the RootKit:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FSDBOT%2EAXV&VSect=T
I'd advise flattening the system and setting up from scratch, as it's compromised, not secure anymore:
- data backup
- format C:
- reinstall Windows WITHOUT going online
- Apply XP-ServicePack2 before EVER going online, or behind a properly configured firewall (which needs to be installed OFFline, too)
- take some more care to secure your system
- change all your passwords, PINs, Online-banking/-shopping data
Read the 2nd part in link "VirusRemoval" below for more info ;)
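
An added example, not part of the thread or any poster's tool: a Python check over the O4 lines quoted in the posts above that groups autostart entries by command and reports bare filenames (no directory) registered under several Run-type keys, the pattern both listings show. The function names and the `min_keys` threshold are assumptions of this sketch, and a hit is a lead to investigate, not a verdict.

```python
import re
from collections import defaultdict

# O4 (autostart) lines copied from the two HijackThis excerpts in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [Microsoft Windows Update] scvvhost.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [Microsoft Windows Update] scvvhost.exe
O4 - HKLM\..\RunOnce: [Microsoft Windows Update] scvvhost.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] scvvhost.exe
O4 - HKCU\..\RunOnce: [Microsoft Windows Update] scvvhost.exe
O4 - HKLM\..\Run: [Norton Updater] navupdtr.exe
O4 - HKLM\..\RunServices: [Norton Updater] navupdtr.exe
O4 - HKCU\..\Run: [Norton Updater] navupdtr.exe
O4 - HKCU\..\RunServices: [Norton Updater] navupdtr.exe
'''

# "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$')


def parse_o4(log):
    """Yield (hive, key, value_name, command) for each O4 registry line."""
    for line in log.splitlines():
        match = O4_RE.match(line.strip())
        if match:
            yield match.groups()


def has_path(command):
    """True when the command names a directory rather than a bare file."""
    return '\\' in command or '/' in command


def suspicious_autoruns(log, min_keys=3):
    """Map each bare-filename command to the autorun keys that launch it,
    keeping only commands registered under at least min_keys keys."""
    seen = defaultdict(set)
    for hive, key, _name, command in parse_o4(log):
        if not has_path(command):
            seen[command.lower()].add(f'{hive}\\{key}')
    return {cmd: sorted(keys) for cmd, keys in seen.items()
            if len(keys) >= min_keys}


if __name__ == '__main__':
    for cmd, keys in suspicious_autoruns(SAMPLE_LOG).items():
        print(f'{cmd}: {len(keys)} autorun keys -> {", ".join(keys)}')
```

The `realsched.exe` entry is not reported because it carries a full path and appears under a single key.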