d3dxo.dll virus-how to get rid of

F

Fonz

Good Morning all.
I'm trying to get rid of a virus which has been found in C:/windows/system32
folder called:
d3dxo.dll. Looking on the internet revels it may be a very benign virus,
with limited security concerns, but... who knows.

I'm using AVG which is up to date, and every time I open an explorer page I
get warnings. I try to put it into a virus vault and delete, but it's
always there, even after a reboot.
tried deleteing in the command mode and it stated access denied.
Any help is appreciated.
Rob
Australia.
 
F

Fonz

I've tried unregistering the dll, but I get an error message of access
denied all the time. Any other ideas?
How do I found out what is activating the DLL?
Thanks again,
Rob.

"Fonz" <r@removeme.com.au> wrote in message
news:473a8cc5$1@dnews.tpgi.com.au...
> Good Morning all.
> I'm trying to get rid of a virus which has been found in
> C:/windows/system32 folder called:
> d3dxo.dll. Looking on the internet revels it may be a very benign virus,
> with limited security concerns, but... who knows.
>
> I'm using AVG which is up to date, and every time I open an explorer page
> I get warnings. I try to put it into a virus vault and delete, but it's
> always there, even after a reboot.
> tried deleteing in the command mode and it stated access denied.
> Any help is appreciated.
> Rob
> Australia.
>
>
 
N

Newell White

1) In Windows Explorer, record modified date/time of d3dxo.dll
2) Rename it by adding zzx_ prefix.
3) Get Internet Explorer to delete all temporary files and downloaded
program files.
4) Reboot.

If d3dxo.dll re-appears, continue:
5) Rename it again
6) In Explorer, search C:\ for all files modified on the date you recorded
in (1) above. Sort into time order and rename all files of the same size as
d3dxo.dll modified within 2 minutes of the time you recorded.
7) Record paths of all other files modified in this time window - they are
suspects.
8) Reboot with no network connection.
9) If d3dxo.dll does not appear, the only other thing to guard against is an
intruder program that calls home to download the files you renamed.
10) Plug into the network, and if you don't have a software firewall which
alerts on outgoing traffic, install one - e.g. free version of Zone Alarm.
11) Make sure the infection has not already re-appeared, and reboot again.
12) Zone alarm should alert you if one of the suspects tries to call home.
Re-name it.
13) If you want to, delete the renamed files.
--
HTH,
Newell White


"Fonz" wrote:

> I've tried unregistering the dll, but I get an error message of access
> denied all the time. Any other ideas?
> How do I found out what is activating the DLL?
> Thanks again,
> Rob.
>
> "Fonz" <r@removeme.com.au> wrote in message
> news:473a8cc5$1@dnews.tpgi.com.au...
> > Good Morning all.
> > I'm trying to get rid of a virus which has been found in
> > C:/windows/system32 folder called:
> > d3dxo.dll. Looking on the internet revels it may be a very benign virus,
> > with limited security concerns, but... who knows.
> >
> > I'm using AVG which is up to date, and every time I open an explorer page
> > I get warnings. I try to put it into a virus vault and delete, but it's
> > always there, even after a reboot.
> > tried deleteing in the command mode and it stated access denied.
> > Any help is appreciated.
> > Rob
> > Australia.
> >
> >
>
>
>
 
C

Ckyp

"Fonz" <r@removeme.com.au> wrote:
>I've tried unregistering the dll, but I get an error message of access
>denied all the time. Any other ideas?
>How do I found out what is activating the DLL?
>Thanks again,
>Rob.

Sounds like your browser has been "highjacked". Don't you hate that!

A thorough solution is to download the freeware version of "SUPERAntiSpyware":
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

Install it, make sure it's completely up to date, then run a full system scan
and follow the prompts. If "SAS" can't fix it, probably nothing else will.
It completely destroys "vundo", "winfixer", and all that kind of garbage. And
the "SAS" author keeps the program's functionality and database completely up
to date. If you can afford the commercial version, it's probably worth it, but
I only recommend freeware programs or program versions, so I won't be seen as
a "spammer". Nothing worse than spammers! They're like telephone solicitors
that used to invade our private residence while we were eating dinner. We now
have a "no call" law here in America, but before that federal law was passed,
we used to get three or four unsolicited calls a day... I ended up turning off
the telephone ringers, and let our answering machine filter out calls.

Anyway, there's nothing like the freeware "SpyBot" for general anti-spyware:
http://www.spybot.info/en/download/

I use AVG and SpyBot on all my computers. They're both free, and neither
one of these programs has slowed any of my home computer systems down. I use
"SAS" to run a full system scan once every month or so, just to make sure
"SpyBot" hasn't missed anything. So far, so good. The real-time protection
afforded by the freeware "SpyBot" has apparently done its job, and I
probably average 80 hours per week working over the Internet. So I know AVG
and SpyBot are definitely keeping my computers bug-free.

Good luck.

--

Ckyp
 
P

Paul Zak

As an update, SAS does NOT "destroy" Vundo I had one machine infected with
it & SAS did not even see it I forget exactly what I did to get rid of it
but I recall trying several "fixes" and it was some obscure piece of
software called "virtumondobegone" that finally took care of it even the
vaunted "smitfraudfix" & Norton's "fixvundo" couldn't remove it . . .

"Ckyp" <ckypper@crew.metacolo.com> wrote in message
news:ad1ea67bbededde9225ac38506f994a6@remailer.metacolo.com...
>
> "Fonz" <r@removeme.com.au> wrote:
> >I've tried unregistering the dll, but I get an error message of access
> >denied all the time. Any other ideas?
> >How do I found out what is activating the DLL?
> >Thanks again,
> >Rob.
>
> Sounds like your browser has been "highjacked". Don't you hate that!
>
> A thorough solution is to download the freeware version of
"SUPERAntiSpyware":
>
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
>
> Install it, make sure it's completely up to date, then run a full system
scan
> and follow the prompts. If "SAS" can't fix it, probably nothing else
will.
> It completely destroys "vundo", "winfixer", and all that kind of garbage.
And
> the "SAS" author keeps the program's functionality and database completely
up
> to date. If you can afford the commercial version, it's probably worth
it, but
> I only recommend freeware programs or program versions, so I won't be seen
as
> a "spammer". Nothing worse than spammers! They're like telephone
solicitors
> that used to invade our private residence while we were eating dinner. We
now
> have a "no call" law here in America, but before that federal law was
passed,
> we used to get three or four unsolicited calls a day... I ended up turning
off
> the telephone ringers, and let our answering machine filter out calls.
>
> Anyway, there's nothing like the freeware "SpyBot" for general
anti-spyware:
> http://www.spybot.info/en/download/
>
> I use AVG and SpyBot on all my computers. They're both free, and
neither
> one of these programs has slowed any of my home computer systems down. I
use
> "SAS" to run a full system scan once every month or so, just to make sure
> "SpyBot" hasn't missed anything. So far, so good. The real-time
protection
> afforded by the freeware "SpyBot" has apparently done its job, and I
> probably average 80 hours per week working over the Internet. So I know
AVG
> and SpyBot are definitely keeping my computers bug-free.
>
> Good luck.
>
> --
>
> Ckyp
>
 
J

J(ohn|ane) Doe

Fw: attn Nick Skrepetos complaint about SAS - saw this on anothergroup

In news:e$5GHuwJIHA.5116@TK2MSFTNGP03.phx.gbl . . .
"Paul Zak" <idontgotnone@nowhere.com> wrote:
>As an update, SAS does NOT "destroy" Vundo I had one machine infected with
>it & SAS did not even see it I forget exactly what I did to get rid of it
>but I recall trying several "fixes" and it was some obscure piece of
>software called "virtumondobegone" that finally took care of it even the
>vaunted "smitfraudfix" & Norton's "fixvundo" couldn't remove it . . .
>
>"Ckyp" <ckypper@crew.metacolo.com> wrote in message
>news:ad1ea67bbededde9225ac38506f994a6@remailer.metacolo.com...
>>
>> "Fonz" <r@removeme.com.au> wrote:
>> >I've tried unregistering the dll, but I get an error message of access
>> >denied all the time. Any other ideas?
>> >How do I found out what is activating the DLL?
>> >Thanks again,
>> >Rob.
>>
>> Sounds like your browser has been "highjacked". Don't you hate that!
>>
>> A thorough solution is to download the freeware version of
>"SUPERAntiSpyware":
>>
>http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
>>
>> Install it, make sure it's completely up to date, then run a full system
>scan
>> and follow the prompts. If "SAS" can't fix it, probably nothing else
>will.
>> It completely destroys "vundo", "winfixer", and all that kind of garbage.
>And
>> the "SAS" author keeps the program's functionality and database completely
>up
>> to date. If you can afford the commercial version, it's probably worth
>it, but
>> I only recommend freeware programs or program versions, so I won't be seen
>as
>> a "spammer". Nothing worse than spammers! They're like telephone
>solicitors
>> that used to invade our private residence while we were eating dinner. We
>now
>> have a "no call" law here in America, but before that federal law was
>passed,
>> we used to get three or four unsolicited calls a day... I ended up turning
>off
>> the telephone ringers, and let our answering machine filter out calls.
>>
>> Anyway, there's nothing like the freeware "SpyBot" for general
>anti-spyware:
>> http://www.spybot.info/en/download/
>>
>> I use AVG and SpyBot on all my computers. They're both free, and
>neither
>> one of these programs has slowed any of my home computer systems down. I
>use
>> "SAS" to run a full system scan once every month or so, just to make sure
>> "SpyBot" hasn't missed anything. So far, so good. The real-time
>protection
>> afforded by the freeware "SpyBot" has apparently done its job, and I
>> probably average 80 hours per week working over the Internet. So I know
>AVG
>> and SpyBot are definitely keeping my computers bug-free.
>>
>> Good luck.
>>
>> --
>>
>> Ckyp
>>
 
C

Cyberiade.it Anonymous Remailer

Fw: attn Nick Skrepetos complaint about SAS - saw this on another group

In news:e$5GHuwJIHA.5116@TK2MSFTNGP03.phx.gbl . . .
"Paul Zak" <idontgotnone@nowhere.com> wrote:
>As an update, SAS does NOT "destroy" Vundo I had one machine infected with
>it & SAS did not even see it I forget exactly what I did to get rid of it
>but I recall trying several "fixes" and it was some obscure piece of
>software called "virtumondobegone" that finally took care of it even the
>vaunted "smitfraudfix" & Norton's "fixvundo" couldn't remove it . . .
>
>"Ckyp" <ckypper@crew.metacolo.com> wrote in message
>news:ad1ea67bbededde9225ac38506f994a6@remailer.metacolo.com...
>>
>> "Fonz" <r@removeme.com.au> wrote:
>> >I've tried unregistering the dll, but I get an error message of access
>> >denied all the time. Any other ideas?
>> >How do I found out what is activating the DLL?
>> >Thanks again,
>> >Rob.
>>
>> Sounds like your browser has been "highjacked". Don't you hate that!
>>
>> A thorough solution is to download the freeware version of
>"SUPERAntiSpyware":
>>
>http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
>>
>> Install it, make sure it's completely up to date, then run a full system
>scan
>> and follow the prompts. If "SAS" can't fix it, probably nothing else
>will.
>> It completely destroys "vundo", "winfixer", and all that kind of garbage.
>And
>> the "SAS" author keeps the program's functionality and database completely
>up
>> to date. If you can afford the commercial version, it's probably worth
>it, but
>> I only recommend freeware programs or program versions, so I won't be seen
>as
>> a "spammer". Nothing worse than spammers! They're like telephone
>solicitors
>> that used to invade our private residence while we were eating dinner. We
>now
>> have a "no call" law here in America, but before that federal law was
>passed,
>> we used to get three or four unsolicited calls a day... I ended up turning
>off
>> the telephone ringers, and let our answering machine filter out calls.
>>
>> Anyway, there's nothing like the freeware "SpyBot" for general
>anti-spyware:
>> http://www.spybot.info/en/download/
>>
>> I use AVG and SpyBot on all my computers. They're both free, and
>neither
>> one of these programs has slowed any of my home computer systems down. I
>use
>> "SAS" to run a full system scan once every month or so, just to make sure
>> "SpyBot" hasn't missed anything. So far, so good. The real-time
>protection
>> afforded by the freeware "SpyBot" has apparently done its job, and I
>> probably average 80 hours per week working over the Internet. So I know
>AVG
>> and SpyBot are definitely keeping my computers bug-free.
>>
>> Good luck.
>>
>> --
>>
>> Ckyp
>>
 
N

Nick Skrepetos

On Nov 14, 2:13 pm, "Paul Zak" <idontgotn...@nowhere.com> wrote:
> As an update, SAS does NOT "destroy" Vundo I had one machine infected with
> it & SAS did not even see it I forget exactly what I did to get rid of it
> but I recall trying several "fixes" and it was some obscure piece of
> software called "virtumondobegone" that finally took care of it even the
> vaunted "smitfraudfix" & Norton's "fixvundo" couldn't remove it . . .
>
> "Ckyp" <ckyp...@crew.metacolo.com> wrote in message
>
> news:ad1ea67bbededde9225ac38506f994a6@remailer.metacolo.com...
>
> > "Fonz" <r...@removeme.com.au> wrote:
> > >I've tried unregistering the dll, but I get an error message of access
> > >denied all the time. Any other ideas?
> > >How do I found out what is activating the DLL?
> > >Thanks again,
> > >Rob.
>
> > Sounds like your browser has been "highjacked". Don't you hate that!
>
> > A thorough solution is to download the freeware version of
> "SUPERAntiSpyware":
>
> http://www.superantispyware.com/downloadfile.html?productid=SUPERANTI...
>
>
>
>
>
> > Install it, make sure it's completely up to date, then run a full system
> scan
> > and follow the prompts. If "SAS" can't fix it, probably nothing else
> will.
> > It completely destroys "vundo", "winfixer", and all that kind of garbage.
> And
> > the "SAS" author keeps the program's functionality and database completely
> up
> > to date. If you can afford the commercial version, it's probably worth
> it, but
> > I only recommend freeware programs or program versions, so I won't be seen
> as
> > a "spammer". Nothing worse than spammers! They're like telephone
> solicitors
> > that used to invade our private residence while we were eating dinner. We
> now
> > have a "no call" law here in America, but before that federal law was
> passed,
> > we used to get three or four unsolicited calls a day... I ended up turning
> off
> > the telephone ringers, and let our answering machine filter out calls.
>
> > Anyway, there's nothing like the freeware "SpyBot" for general
> anti-spyware:
> >http://www.spybot.info/en/download/
>
> > I use AVG and SpyBot on all my computers. They're both free, and
> neither
> > one of these programs has slowed any of my home computer systems down. I
> use
> > "SAS" to run a full system scan once every month or so, just to make sure
> > "SpyBot" hasn't missed anything. So far, so good. The real-time
> protection
> > afforded by the freeware "SpyBot" has apparently done its job, and I
> > probably average 80 hours per week working over the Internet. So I know
> AVG
> > and SpyBot are definitely keeping my computers bug-free.
>
> > Good luck.
>
> > --
>
> > Ckyp- Hide quoted text -
>
> - Show quoted text -


There are hundreds of variants of Vundo out there, if there is one we
missed, in the future, contact our support staff and we can diagnose
the system and update the definitions to remove it. No single tool
will be able to catch everything on a given day - there is just too
much coming out these days.
 
F

Fonz

I'll give the above few a go, in posted order.
Many thanks in advance
Rob.


"Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
news:e93b5ca7-8a27-4c98-8416-7bb3ed37f22f@i12g2000prf.googlegroups.com...
> On Nov 14, 2:13 pm, "Paul Zak" <idontgotn...@nowhere.com> wrote:
>> As an update, SAS does NOT "destroy" Vundo I had one machine infected
>> with
>> it & SAS did not even see it I forget exactly what I did to get rid of
>> it
>> but I recall trying several "fixes" and it was some obscure piece of
>> software called "virtumondobegone" that finally took care of it even the
>> vaunted "smitfraudfix" & Norton's "fixvundo" couldn't remove it . . .
>>
>> "Ckyp" <ckyp...@crew.metacolo.com> wrote in message
>>
>> news:ad1ea67bbededde9225ac38506f994a6@remailer.metacolo.com...
>>
>> > "Fonz" <r...@removeme.com.au> wrote:
>> > >I've tried unregistering the dll, but I get an error message of access
>> > >denied all the time. Any other ideas?
>> > >How do I found out what is activating the DLL?
>> > >Thanks again,
>> > >Rob.
>>
>> > Sounds like your browser has been "highjacked". Don't you hate that!
>>
>> > A thorough solution is to download the freeware version of
>> "SUPERAntiSpyware":
>>
>> http://www.superantispyware.com/downloadfile.html?productid=SUPERANTI...
>>
>>
>>
>>
>>
>> > Install it, make sure it's completely up to date, then run a full
>> > system
>> scan
>> > and follow the prompts. If "SAS" can't fix it, probably nothing else
>> will.
>> > It completely destroys "vundo", "winfixer", and all that kind of
>> > garbage.
>> And
>> > the "SAS" author keeps the program's functionality and database
>> > completely
>> up
>> > to date. If you can afford the commercial version, it's probably worth
>> it, but
>> > I only recommend freeware programs or program versions, so I won't be
>> > seen
>> as
>> > a "spammer". Nothing worse than spammers! They're like telephone
>> solicitors
>> > that used to invade our private residence while we were eating dinner.
>> > We
>> now
>> > have a "no call" law here in America, but before that federal law was
>> passed,
>> > we used to get three or four unsolicited calls a day... I ended up
>> > turning
>> off
>> > the telephone ringers, and let our answering machine filter out calls.
>>
>> > Anyway, there's nothing like the freeware "SpyBot" for general
>> anti-spyware:
>> >http://www.spybot.info/en/download/
>>
>> > I use AVG and SpyBot on all my computers. They're both free, and
>> neither
>> > one of these programs has slowed any of my home computer systems down.
>> > I
>> use
>> > "SAS" to run a full system scan once every month or so, just to make
>> > sure
>> > "SpyBot" hasn't missed anything. So far, so good. The real-time
>> protection
>> > afforded by the freeware "SpyBot" has apparently done its job, and I
>> > probably average 80 hours per week working over the Internet. So I
>> > know
>> AVG
>> > and SpyBot are definitely keeping my computers bug-free.
>>
>> > Good luck.
>>
>> > --
>>
>> > Ckyp- Hide quoted text -
>>
>> - Show quoted text -
>
>
> There are hundreds of variants of Vundo out there, if there is one we
> missed, in the future, contact our support staff and we can diagnose
> the system and update the definitions to remove it. No single tool
> will be able to catch everything on a given day - there is just too
> much coming out these days.
 
F

Fonz

Head against a wall

G'Day all.
Still having my problems. I'm ready to cry.
The file type is given as Trojan Horse.PSW.Generic5.WDM in the AVG virus
scanner.
I found out PSW means Password Stealer, which has me concerned a bit, but I
don't save passwords on mycomputer, so I think that may help. BUT.
The constant warning by AVG appear when I:
-open IE
-open 'my computer' folder or any subfolders
-attempt to delete the file
-attempt to rename the file.

Tried SAS. Found lots of other stuff but not this
Tried SpyBot results A/A
Tried Unlocker nil luck. It doesn't even let me enter the details into the
start function. It states 'Access Denied'
Tried deleting in command line mode 'Access Denied'
I have tried going into Safe Mode using restart and F8, but I don't think
it's actually going into that mode.
I'm going nuts here. Any ideas.
Thanks for all previous replies.
Rob.




"Fonz" <r@removeme.com.au> wrote in message
news:473d5b18@dnews.tpgi.com.au...
> I'll give the above few a go, in posted order.
> Many thanks in advance
> Rob.
>
>
> "Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
> news:e93b5ca7-8a27-4c98-8416-7bb3ed37f22f@i12g2000prf.googlegroups.com...
>> On Nov 14, 2:13 pm, "Paul Zak" <idontgotn...@nowhere.com> wrote:
>>> As an update, SAS does NOT "destroy" Vundo I had one machine infected
>>> with
>>> it & SAS did not even see it I forget exactly what I did to get rid of
>>> it
>>> but I recall trying several "fixes" and it was some obscure piece of
>>> software called "virtumondobegone" that finally took care of it even
>>> the
>>> vaunted "smitfraudfix" & Norton's "fixvundo" couldn't remove it . . .
>>>
>>> "Ckyp" <ckyp...@crew.metacolo.com> wrote in message
>>>
>>> news:ad1ea67bbededde9225ac38506f994a6@remailer.metacolo.com...
>>>
>>> > "Fonz" <r...@removeme.com.au> wrote:
>>> > >I've tried unregistering the dll, but I get an error message of
>>> > >access
>>> > >denied all the time. Any other ideas?
>>> > >How do I found out what is activating the DLL?
>>> > >Thanks again,
>>> > >Rob.
>>>
>>> > Sounds like your browser has been "highjacked". Don't you hate that!
>>>
>>> > A thorough solution is to download the freeware version of
>>> "SUPERAntiSpyware":
>>>
>>> http://www.superantispyware.com/downloadfile.html?productid=SUPERANTI...
>>>
>>>
>>>
>>>
>>>
>>> > Install it, make sure it's completely up to date, then run a full
>>> > system
>>> scan
>>> > and follow the prompts. If "SAS" can't fix it, probably nothing else
>>> will.
>>> > It completely destroys "vundo", "winfixer", and all that kind of
>>> > garbage.
>>> And
>>> > the "SAS" author keeps the program's functionality and database
>>> > completely
>>> up
>>> > to date. If you can afford the commercial version, it's probably
>>> > worth
>>> it, but
>>> > I only recommend freeware programs or program versions, so I won't be
>>> > seen
>>> as
>>> > a "spammer". Nothing worse than spammers! They're like telephone
>>> solicitors
>>> > that used to invade our private residence while we were eating dinner.
>>> > We
>>> now
>>> > have a "no call" law here in America, but before that federal law was
>>> passed,
>>> > we used to get three or four unsolicited calls a day... I ended up
>>> > turning
>>> off
>>> > the telephone ringers, and let our answering machine filter out calls.
>>>
>>> > Anyway, there's nothing like the freeware "SpyBot" for general
>>> anti-spyware:
>>> >http://www.spybot.info/en/download/
>>>
>>> > I use AVG and SpyBot on all my computers. They're both free, and
>>> neither
>>> > one of these programs has slowed any of my home computer systems down.
>>> > I
>>> use
>>> > "SAS" to run a full system scan once every month or so, just to make
>>> > sure
>>> > "SpyBot" hasn't missed anything. So far, so good. The real-time
>>> protection
>>> > afforded by the freeware "SpyBot" has apparently done its job, and I
>>> > probably average 80 hours per week working over the Internet. So I
>>> > know
>>> AVG
>>> > and SpyBot are definitely keeping my computers bug-free.
>>>
>>> > Good luck.
>>>
>>> > --
>>>
>>> > Ckyp- Hide quoted text -
>>>
>>> - Show quoted text -
>>
>>
>> There are hundreds of variants of Vundo out there, if there is one we
>> missed, in the future, contact our support staff and we can diagnose
>> the system and update the definitions to remove it. No single tool
>> will be able to catch everything on a given day - there is just too
>> much coming out these days.
>
>
 
K

Kerry Brown

Re: Head against a wall

Some trojans can be extremely hard to remove. Before you go any farther
backup any data that is important to you. It may come down to erasing the
current installation of windows and starting again from scratch.

Go to one of the forums dedicated to removing malware. Read their posting
guidelines then ask for help. Once someone starts helping you follow their
directions exactly. Don't try to take shortcuts or skip any steps. Here are
a couple of forums.

http://www.aumha.net/

http://forums.techguy.org/54-malware-removal-hijackthis-logs/

Back up your data before trying to remove this trojan. I can't stress this
enough.

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca


"Fonz" <r@removeme.com.au> wrote in message
news:473d8ec7$1@dnews.tpgi.com.au...
> G'Day all.
> Still having my problems. I'm ready to cry.
> The file type is given as Trojan Horse.PSW.Generic5.WDM in the AVG virus
> scanner.
> I found out PSW means Password Stealer, which has me concerned a bit, but
> I don't save passwords on mycomputer, so I think that may help. BUT.
> The constant warning by AVG appear when I:
> -open IE
> -open 'my computer' folder or any subfolders
> -attempt to delete the file
> -attempt to rename the file.
>
> Tried SAS. Found lots of other stuff but not this
> Tried SpyBot results A/A
> Tried Unlocker nil luck. It doesn't even let me enter the details into
> the start function. It states 'Access Denied'
> Tried deleting in command line mode 'Access Denied'
> I have tried going into Safe Mode using restart and F8, but I don't think
> it's actually going into that mode.
> I'm going nuts here. Any ideas.
> Thanks for all previous replies.
> Rob.
>
>
>
>
> "Fonz" <r@removeme.com.au> wrote in message
> news:473d5b18@dnews.tpgi.com.au...
>> I'll give the above few a go, in posted order.
>> Many thanks in advance
>> Rob.
>>
>>
>> "Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
>> news:e93b5ca7-8a27-4c98-8416-7bb3ed37f22f@i12g2000prf.googlegroups.com...
>>> On Nov 14, 2:13 pm, "Paul Zak" <idontgotn...@nowhere.com> wrote:
>>>> As an update, SAS does NOT "destroy" Vundo I had one machine infected
>>>> with
>>>> it & SAS did not even see it I forget exactly what I did to get rid of
>>>> it
>>>> but I recall trying several "fixes" and it was some obscure piece of
>>>> software called "virtumondobegone" that finally took care of it even
>>>> the
>>>> vaunted "smitfraudfix" & Norton's "fixvundo" couldn't remove it . . .
>>>>
>>>> "Ckyp" <ckyp...@crew.metacolo.com> wrote in message
>>>>
>>>> news:ad1ea67bbededde9225ac38506f994a6@remailer.metacolo.com...
>>>>
>>>> > "Fonz" <r...@removeme.com.au> wrote:
>>>> > >I've tried unregistering the dll, but I get an error message of
>>>> > >access
>>>> > >denied all the time. Any other ideas?
>>>> > >How do I found out what is activating the DLL?
>>>> > >Thanks again,
>>>> > >Rob.
>>>>
>>>> > Sounds like your browser has been "highjacked". Don't you hate that!
>>>>
>>>> > A thorough solution is to download the freeware version of
>>>> "SUPERAntiSpyware":
>>>>
>>>> http://www.superantispyware.com/downloadfile.html?productid=SUPERANTI...
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> > Install it, make sure it's completely up to date, then run a full
>>>> > system
>>>> scan
>>>> > and follow the prompts. If "SAS" can't fix it, probably nothing else
>>>> will.
>>>> > It completely destroys "vundo", "winfixer", and all that kind of
>>>> > garbage.
>>>> And
>>>> > the "SAS" author keeps the program's functionality and database
>>>> > completely
>>>> up
>>>> > to date. If you can afford the commercial version, it's probably
>>>> > worth
>>>> it, but
>>>> > I only recommend freeware programs or program versions, so I won't be
>>>> > seen
>>>> as
>>>> > a "spammer". Nothing worse than spammers! They're like telephone
>>>> solicitors
>>>> > that used to invade our private residence while we were eating
>>>> > dinner. We
>>>> now
>>>> > have a "no call" law here in America, but before that federal law was
>>>> passed,
>>>> > we used to get three or four unsolicited calls a day... I ended up
>>>> > turning
>>>> off
>>>> > the telephone ringers, and let our answering machine filter out
>>>> > calls.
>>>>
>>>> > Anyway, there's nothing like the freeware "SpyBot" for general
>>>> anti-spyware:
>>>> >http://www.spybot.info/en/download/
>>>>
>>>> > I use AVG and SpyBot on all my computers. They're both free, and
>>>> neither
>>>> > one of these programs has slowed any of my home computer systems
>>>> > down. I
>>>> use
>>>> > "SAS" to run a full system scan once every month or so, just to make
>>>> > sure
>>>> > "SpyBot" hasn't missed anything. So far, so good. The real-time
>>>> protection
>>>> > afforded by the freeware "SpyBot" has apparently done its job, and I
>>>> > probably average 80 hours per week working over the Internet. So I
>>>> > know
>>>> AVG
>>>> > and SpyBot are definitely keeping my computers bug-free.
>>>>
>>>> > Good luck.
>>>>
>>>> > --
>>>>
>>>> > Ckyp- Hide quoted text -
>>>>
>>>> - Show quoted text -
>>>
>>>
>>> There are hundreds of variants of Vundo out there, if there is one we
>>> missed, in the future, contact our support staff and we can diagnose
>>> the system and update the definitions to remove it. No single tool
>>> will be able to catch everything on a given day - there is just too
>>> much coming out these days.
>>
>>
>
>
 
N

Newell White

RE: Head against a wall

Excuse what may be a silly question, I am used to AD-integrated networks,
not sure what your environment is.

Have you tried kiilling any runing processes associated with the file, and
taking ownership of the file before attempting to rename/delete?
--
Regards,
Newell White


"Fonz" wrote:

> G'Day all.
> Still having my problems. I'm ready to cry.
> The file type is given as Trojan Horse.PSW.Generic5.WDM in the AVG virus
> scanner.
> I found out PSW means Password Stealer, which has me concerned a bit, but I
> don't save passwords on mycomputer, so I think that may help. BUT.
> The constant warning by AVG appear when I:
> -open IE
> -open 'my computer' folder or any subfolders
> -attempt to delete the file
> -attempt to rename the file.
>
> Tried SAS. Found lots of other stuff but not this
> Tried SpyBot results A/A
> Tried Unlocker nil luck. It doesn't even let me enter the details into the
> start function. It states 'Access Denied'
> Tried deleting in command line mode 'Access Denied'
> I have tried going into Safe Mode using restart and F8, but I don't think
> it's actually going into that mode.
> I'm going nuts here. Any ideas.
> Thanks for all previous replies.
> Rob.
>
>
>
>
> "Fonz" <r@removeme.com.au> wrote in message
> news:473d5b18@dnews.tpgi.com.au...
> > I'll give the above few a go, in posted order.
> > Many thanks in advance
> > Rob.
> >
> >
> > "Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
> > news:e93b5ca7-8a27-4c98-8416-7bb3ed37f22f@i12g2000prf.googlegroups.com...
> >> On Nov 14, 2:13 pm, "Paul Zak" <idontgotn...@nowhere.com> wrote:
> >>> As an update, SAS does NOT "destroy" Vundo I had one machine infected
> >>> with
> >>> it & SAS did not even see it I forget exactly what I did to get rid of
> >>> it
> >>> but I recall trying several "fixes" and it was some obscure piece of
> >>> software called "virtumondobegone" that finally took care of it even
> >>> the
> >>> vaunted "smitfraudfix" & Norton's "fixvundo" couldn't remove it . . .
> >>>
> >>> "Ckyp" <ckyp...@crew.metacolo.com> wrote in message
> >>>
> >>> news:ad1ea67bbededde9225ac38506f994a6@remailer.metacolo.com...
> >>>
> >>> > "Fonz" <r...@removeme.com.au> wrote:
> >>> > >I've tried unregistering the dll, but I get an error message of
> >>> > >access
> >>> > >denied all the time. Any other ideas?
> >>> > >How do I found out what is activating the DLL?
> >>> > >Thanks again,
> >>> > >Rob.
> >>>
> >>> > Sounds like your browser has been "highjacked". Don't you hate that!
> >>>
> >>> > A thorough solution is to download the freeware version of
> >>> "SUPERAntiSpyware":
> >>>
> >>> http://www.superantispyware.com/downloadfile.html?productid=SUPERANTI...
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> > Install it, make sure it's completely up to date, then run a full
> >>> > system
> >>> scan
> >>> > and follow the prompts. If "SAS" can't fix it, probably nothing else
> >>> will.
> >>> > It completely destroys "vundo", "winfixer", and all that kind of
> >>> > garbage.
> >>> And
> >>> > the "SAS" author keeps the program's functionality and database
> >>> > completely
> >>> up
> >>> > to date. If you can afford the commercial version, it's probably
> >>> > worth
> >>> it, but
> >>> > I only recommend freeware programs or program versions, so I won't be
> >>> > seen
> >>> as
> >>> > a "spammer". Nothing worse than spammers! They're like telephone
> >>> solicitors
> >>> > that used to invade our private residence while we were eating dinner.
> >>> > We
> >>> now
> >>> > have a "no call" law here in America, but before that federal law was
> >>> passed,
> >>> > we used to get three or four unsolicited calls a day... I ended up
> >>> > turning
> >>> off
> >>> > the telephone ringers, and let our answering machine filter out calls.
> >>>
> >>> > Anyway, there's nothing like the freeware "SpyBot" for general
> >>> anti-spyware:
> >>> >http://www.spybot.info/en/download/
> >>>
> >>> > I use AVG and SpyBot on all my computers. They're both free, and
> >>> neither
> >>> > one of these programs has slowed any of my home computer systems down.
> >>> > I
> >>> use
> >>> > "SAS" to run a full system scan once every month or so, just to make
> >>> > sure
> >>> > "SpyBot" hasn't missed anything. So far, so good. The real-time
> >>> protection
> >>> > afforded by the freeware "SpyBot" has apparently done its job, and I
> >>> > probably average 80 hours per week working over the Internet. So I
> >>> > know
> >>> AVG
> >>> > and SpyBot are definitely keeping my computers bug-free.
> >>>
> >>> > Good luck.
> >>>
> >>> > --
> >>>
> >>> > Ckyp- Hide quoted text -
> >>>
> >>> - Show quoted text -
> >>
> >>
> >> There are hundreds of variants of Vundo out there, if there is one we
> >> missed, in the future, contact our support staff and we can diagnose
> >> the system and update the definitions to remove it. No single tool
> >> will be able to catch everything on a given day - there is just too
> >> much coming out these days.
> >
> >
>
>
>
 
K

Kerry Brown

Re: Head against a wall

The malware is blocking it's own files from being deleted. You can't stop
the malware process by normal means.

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca


"Newell White" <NewellWhite@discussions.microsoft.com> wrote in message
news:4B4F49F2-AFCF-4D09-BE58-CF944CD0BBE9@microsoft.com...
> Excuse what may be a silly question, I am used to AD-integrated networks,
> not sure what your environment is.
>
> Have you tried kiilling any runing processes associated with the file, and
> taking ownership of the file before attempting to rename/delete?
> --
> Regards,
> Newell White
>
>
> "Fonz" wrote:
>
>> G'Day all.
>> Still having my problems. I'm ready to cry.
>> The file type is given as Trojan Horse.PSW.Generic5.WDM in the AVG virus
>> scanner.
>> I found out PSW means Password Stealer, which has me concerned a bit, but
>> I
>> don't save passwords on mycomputer, so I think that may help. BUT.
>> The constant warning by AVG appear when I:
>> -open IE
>> -open 'my computer' folder or any subfolders
>> -attempt to delete the file
>> -attempt to rename the file.
>>
>> Tried SAS. Found lots of other stuff but not this
>> Tried SpyBot results A/A
>> Tried Unlocker nil luck. It doesn't even let me enter the details into
>> the
>> start function. It states 'Access Denied'
>> Tried deleting in command line mode 'Access Denied'
>> I have tried going into Safe Mode using restart and F8, but I don't think
>> it's actually going into that mode.
>> I'm going nuts here. Any ideas.
>> Thanks for all previous replies.
>> Rob.
>>
>>
>>
>>
>> "Fonz" <r@removeme.com.au> wrote in message
>> news:473d5b18@dnews.tpgi.com.au...
>> > I'll give the above few a go, in posted order.
>> > Many thanks in advance
>> > Rob.
>> >
>> >
>> > "Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
>> > news:e93b5ca7-8a27-4c98-8416-7bb3ed37f22f@i12g2000prf.googlegroups.com...
>> >> On Nov 14, 2:13 pm, "Paul Zak" <idontgotn...@nowhere.com> wrote:
>> >>> As an update, SAS does NOT "destroy" Vundo I had one machine
>> >>> infected
>> >>> with
>> >>> it & SAS did not even see it I forget exactly what I did to get rid
>> >>> of
>> >>> it
>> >>> but I recall trying several "fixes" and it was some obscure piece of
>> >>> software called "virtumondobegone" that finally took care of it even
>> >>> the
>> >>> vaunted "smitfraudfix" & Norton's "fixvundo" couldn't remove it . . .
>> >>>
>> >>> "Ckyp" <ckyp...@crew.metacolo.com> wrote in message
>> >>>
>> >>> news:ad1ea67bbededde9225ac38506f994a6@remailer.metacolo.com...
>> >>>
>> >>> > "Fonz" <r...@removeme.com.au> wrote:
>> >>> > >I've tried unregistering the dll, but I get an error message of
>> >>> > >access
>> >>> > >denied all the time. Any other ideas?
>> >>> > >How do I found out what is activating the DLL?
>> >>> > >Thanks again,
>> >>> > >Rob.
>> >>>
>> >>> > Sounds like your browser has been "highjacked". Don't you hate
>> >>> > that!
>> >>>
>> >>> > A thorough solution is to download the freeware version of
>> >>> "SUPERAntiSpyware":
>> >>>
>> >>> http://www.superantispyware.com/downloadfile.html?productid=SUPERANTI...
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>> > Install it, make sure it's completely up to date, then run a full
>> >>> > system
>> >>> scan
>> >>> > and follow the prompts. If "SAS" can't fix it, probably nothing
>> >>> > else
>> >>> will.
>> >>> > It completely destroys "vundo", "winfixer", and all that kind of
>> >>> > garbage.
>> >>> And
>> >>> > the "SAS" author keeps the program's functionality and database
>> >>> > completely
>> >>> up
>> >>> > to date. If you can afford the commercial version, it's probably
>> >>> > worth
>> >>> it, but
>> >>> > I only recommend freeware programs or program versions, so I won't
>> >>> > be
>> >>> > seen
>> >>> as
>> >>> > a "spammer". Nothing worse than spammers! They're like telephone
>> >>> solicitors
>> >>> > that used to invade our private residence while we were eating
>> >>> > dinner.
>> >>> > We
>> >>> now
>> >>> > have a "no call" law here in America, but before that federal law
>> >>> > was
>> >>> passed,
>> >>> > we used to get three or four unsolicited calls a day... I ended up
>> >>> > turning
>> >>> off
>> >>> > the telephone ringers, and let our answering machine filter out
>> >>> > calls.
>> >>>
>> >>> > Anyway, there's nothing like the freeware "SpyBot" for general
>> >>> anti-spyware:
>> >>> >http://www.spybot.info/en/download/
>> >>>
>> >>> > I use AVG and SpyBot on all my computers. They're both free, and
>> >>> neither
>> >>> > one of these programs has slowed any of my home computer systems
>> >>> > down.
>> >>> > I
>> >>> use
>> >>> > "SAS" to run a full system scan once every month or so, just to
>> >>> > make
>> >>> > sure
>> >>> > "SpyBot" hasn't missed anything. So far, so good. The real-time
>> >>> protection
>> >>> > afforded by the freeware "SpyBot" has apparently done its job, and
>> >>> > I
>> >>> > probably average 80 hours per week working over the Internet. So I
>> >>> > know
>> >>> AVG
>> >>> > and SpyBot are definitely keeping my computers bug-free.
>> >>>
>> >>> > Good luck.
>> >>>
>> >>> > --
>> >>>
>> >>> > Ckyp- Hide quoted text -
>> >>>
>> >>> - Show quoted text -
>> >>
>> >>
>> >> There are hundreds of variants of Vundo out there, if there is one we
>> >> missed, in the future, contact our support staff and we can diagnose
>> >> the system and update the definitions to remove it. No single tool
>> >> will be able to catch everything on a given day - there is just too
>> >> much coming out these days.
>> >
>> >
>>
>>
>>
 
N

Nick Skrepetos

Re: Head against a wall

On Nov 16, 4:36 am, "Fonz" <r...@removeme.com.au> wrote:
> G'Day all.
> Still having my problems. I'm ready to cry.
> The file type is given as Trojan Horse.PSW.Generic5.WDM in the AVG virus
> scanner.
> I found out PSW means Password Stealer, which has me concerned a bit, but I
> don't save passwords on mycomputer, so I think that may help. BUT.
> The constant warning by AVG appear when I:
> -open IE
> -open 'my computer' folder or any subfolders
> -attempt to delete the file
> -attempt to rename the file.
>
> Tried SAS. Found lots of other stuff but not this
> Tried SpyBot results A/A
> Tried Unlocker nil luck. It doesn't even let me enter the details into the
> start function. It states 'Access Denied'
> Tried deleting in command line mode 'Access Denied'
> I have tried going into Safe Mode using restart and F8, but I don't think
> it's actually going into that mode.
> I'm going nuts here. Any ideas.
> Thanks for all previous replies.
> Rob.
>
> "Fonz" <r...@removeme.com.au> wrote in message
>
> news:473d5b18@dnews.tpgi.com.au...
>
>
>
> > I'll give the above few a go, in posted order.
> > Many thanks in advance
> > Rob.
>
> > "Nick Skrepetos" <nskrepe...@yahoo.com> wrote in message
> >news:e93b5ca7-8a27-4c98-8416-7bb3ed37f22f@i12g2000prf.googlegroups.com...
> >> On Nov 14, 2:13 pm, "Paul Zak" <idontgotn...@nowhere.com> wrote:
> >>> As an update, SAS does NOT "destroy" Vundo I had one machine infected
> >>> with
> >>> it & SAS did not even see it I forget exactly what I did to get rid of
> >>> it
> >>> but I recall trying several "fixes" and it was some obscure piece of
> >>> software called "virtumondobegone" that finally took care of it even
> >>> the
> >>> vaunted "smitfraudfix" & Norton's "fixvundo" couldn't remove it . . .
>
> >>> "Ckyp" <ckyp...@crew.metacolo.com> wrote in message
>
> >>>news:ad1ea67bbededde9225ac38506f994a6@remailer.metacolo.com...
>
> >>> > "Fonz" <r...@removeme.com.au> wrote:
> >>> > >I've tried unregistering the dll, but I get an error message of
> >>> > >access
> >>> > >denied all the time. Any other ideas?
> >>> > >How do I found out what is activating the DLL?
> >>> > >Thanks again,
> >>> > >Rob.
>
> >>> > Sounds like your browser has been "highjacked". Don't you hate that!
>
> >>> > A thorough solution is to download the freeware version of
> >>> "SUPERAntiSpyware":
>
> >>>http://www.superantispyware.com/downloadfile.html?productid=SUPERANTI...
>
> >>> > Install it, make sure it's completely up to date, then run a full
> >>> > system
> >>> scan
> >>> > and follow the prompts. If "SAS" can't fix it, probably nothing else
> >>> will.
> >>> > It completely destroys "vundo", "winfixer", and all that kind of
> >>> > garbage.
> >>> And
> >>> > the "SAS" author keeps the program's functionality and database
> >>> > completely
> >>> up
> >>> > to date. If you can afford the commercial version, it's probably
> >>> > worth
> >>> it, but
> >>> > I only recommend freeware programs or program versions, so I won't be
> >>> > seen
> >>> as
> >>> > a "spammer". Nothing worse than spammers! They're like telephone
> >>> solicitors
> >>> > that used to invade our private residence while we were eating dinner.
> >>> > We
> >>> now
> >>> > have a "no call" law here in America, but before that federal law was
> >>> passed,
> >>> > we used to get three or four unsolicited calls a day... I ended up
> >>> > turning
> >>> off
> >>> > the telephone ringers, and let our answering machine filter out calls.
>
> >>> > Anyway, there's nothing like the freeware "SpyBot" for general
> >>> anti-spyware:
> >>> >http://www.spybot.info/en/download/
>
> >>> > I use AVG and SpyBot on all my computers. They're both free, and
> >>> neither
> >>> > one of these programs has slowed any of my home computer systems down.
> >>> > I
> >>> use
> >>> > "SAS" to run a full system scan once every month or so, just to make
> >>> > sure
> >>> > "SpyBot" hasn't missed anything. So far, so good. The real-time
> >>> protection
> >>> > afforded by the freeware "SpyBot" has apparently done its job, and I
> >>> > probably average 80 hours per week working over the Internet. So I
> >>> > know
> >>> AVG
> >>> > and SpyBot are definitely keeping my computers bug-free.
>
> >>> > Good luck.
>
> >>> > --
>
> >>> > Ckyp- Hide quoted text -
>
> >>> - Show quoted text -
>
> >> There are hundreds of variants of Vundo out there, if there is one we
> >> missed, in the future, contact our support staff and we can diagnose
> >> the system and update the definitions to remove it. No single tool
> >> will be able to catch everything on a given day - there is just too
> >> much coming out these days.- Hide quoted text -
>
> - Show quoted text -

Submit a support ticket here and we can run a proprietary custom
diagnostic:
http://www.superantispyware.com/support.html

We can then update our definitions and update the group on our
findings.

-Nick
 
L

Leythos

Re: Head against a wall

In article <473d8ec7$1@dnews.tpgi.com.au>, r@removeme.com.au says...
> G'Day all.
> Still having my problems. I'm ready to cry.
> The file type is given as Trojan Horse.PSW.Generic5.WDM in the AVG virus
> scanner.

You need to understand that malware removal tools can only remove what
they know about and that they ALWAYS LAG BEHIND THE MALWARE WRITERS.

What this means in simple terms is that you can't be sure that you've
cleaned ANY computer once it's compromised, you have one choice to
ensuring that your computer is clean once it's compromised: Wipe it and
reinstall the operating system in a CLEAN ENVIRONMENT.

Yea, it's not what you want to hear, but, ask anyone if malware cleaners
can remove ALL INFECTIONS, KNOWN and UNKNOWN - any of the honest ones
will tell you that they can't.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
 
F

Fonz

It's Done

G'Day all.
Talked to a computer savvi friend who helped me through.
He gave me a disk a couple of years ago called ERD Commander.
We used this and were able to delete the file from there.
After reboot, all my problems have disappeared.
Thanks to all who assisted.
Rob.



"Leythos" <void@nowhere.lan> wrote in message
news:MPG.21aa8875513ba56d98987b@adfree.Usenet.com...
> In article <473d8ec7$1@dnews.tpgi.com.au>, r@removeme.com.au says...
>> G'Day all.
>> Still having my problems. I'm ready to cry.
>> The file type is given as Trojan Horse.PSW.Generic5.WDM in the AVG virus
>> scanner.
>
> You need to understand that malware removal tools can only remove what
> they know about and that they ALWAYS LAG BEHIND THE MALWARE WRITERS.
>
> What this means in simple terms is that you can't be sure that you've
> cleaned ANY computer once it's compromised, you have one choice to
> ensuring that your computer is clean once it's compromised: Wipe it and
> reinstall the operating system in a CLEAN ENVIRONMENT.
>
> Yea, it's not what you want to hear, but, ask anyone if malware cleaners
> can remove ALL INFECTIONS, KNOWN and UNKNOWN - any of the honest ones
> will tell you that they can't.
>
> --
>
> Leythos
> - Igitur qui desiderat pacem, praeparet bellum.
> - Calling an illegal alien an "undocumented worker" is like calling a
> drug dealer an "unlicensed pharmacist"
> spam999free@rrohio.com (remove 999 for proper email address)
 
K

Kerry Brown

Re: It's Done

If all you did was delete that one file it is very likely you are still
infected.

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca


"Fonz" <r@removeme.com.au> wrote in message
news:474172b4$1@dnews.tpgi.com.au...
> G'Day all.
> Talked to a computer savvi friend who helped me through.
> He gave me a disk a couple of years ago called ERD Commander.
> We used this and were able to delete the file from there.
> After reboot, all my problems have disappeared.
> Thanks to all who assisted.
> Rob.
>
>
>
> "Leythos" <void@nowhere.lan> wrote in message
> news:MPG.21aa8875513ba56d98987b@adfree.Usenet.com...
>> In article <473d8ec7$1@dnews.tpgi.com.au>, r@removeme.com.au says...
>>> G'Day all.
>>> Still having my problems. I'm ready to cry.
>>> The file type is given as Trojan Horse.PSW.Generic5.WDM in the AVG virus
>>> scanner.
>>
>> You need to understand that malware removal tools can only remove what
>> they know about and that they ALWAYS LAG BEHIND THE MALWARE WRITERS.
>>
>> What this means in simple terms is that you can't be sure that you've
>> cleaned ANY computer once it's compromised, you have one choice to
>> ensuring that your computer is clean once it's compromised: Wipe it and
>> reinstall the operating system in a CLEAN ENVIRONMENT.
>>
>> Yea, it's not what you want to hear, but, ask anyone if malware cleaners
>> can remove ALL INFECTIONS, KNOWN and UNKNOWN - any of the honest ones
>> will tell you that they can't.
>>
>> --
>>
>> Leythos
>> - Igitur qui desiderat pacem, praeparet bellum.
>> - Calling an illegal alien an "undocumented worker" is like calling a
>> drug dealer an "unlicensed pharmacist"
>> spam999free@rrohio.com (remove 999 for proper email address)
>
>
 
A

AVG No good useless

get rid of AVG and use real anti virus program but not norton or AVG try McAfee

"Fonz" wrote:

> Good Morning all.
> I'm trying to get rid of a virus which has been found in C:/windows/system32
> folder called:
> d3dxo.dll. Looking on the internet revels it may be a very benign virus,
> with limited security concerns, but... who knows.
>
> I'm using AVG which is up to date, and every time I open an explorer page I
> get warnings. I try to put it into a virus vault and delete, but it's
> always there, even after a reboot.
> tried deleteing in the command mode and it stated access denied.
> Any help is appreciated.
> Rob
> Australia.
>
>
>
 
A

AVG No good useless

zone alarm is an adware and a pain in the ass, it is very atrusive

"Newell White" wrote:

> 1) In Windows Explorer, record modified date/time of d3dxo.dll
> 2) Rename it by adding zzx_ prefix.
> 3) Get Internet Explorer to delete all temporary files and downloaded
> program files.
> 4) Reboot.
>
> If d3dxo.dll re-appears, continue:
> 5) Rename it again
> 6) In Explorer, search C:\ for all files modified on the date you recorded
> in (1) above. Sort into time order and rename all files of the same size as
> d3dxo.dll modified within 2 minutes of the time you recorded.
> 7) Record paths of all other files modified in this time window - they are
> suspects.
> 8) Reboot with no network connection.
> 9) If d3dxo.dll does not appear, the only other thing to guard against is an
> intruder program that calls home to download the files you renamed.
> 10) Plug into the network, and if you don't have a software firewall which
> alerts on outgoing traffic, install one - e.g. free version of Zone Alarm.
> 11) Make sure the infection has not already re-appeared, and reboot again.
> 12) Zone alarm should alert you if one of the suspects tries to call home.
> Re-name it.
> 13) If you want to, delete the renamed files.
> --
> HTH,
> Newell White
>
>
> "Fonz" wrote:
>
> > I've tried unregistering the dll, but I get an error message of access
> > denied all the time. Any other ideas?
> > How do I found out what is activating the DLL?
> > Thanks again,
> > Rob.
> >
> > "Fonz" <r@removeme.com.au> wrote in message
> > news:473a8cc5$1@dnews.tpgi.com.au...
> > > Good Morning all.
> > > I'm trying to get rid of a virus which has been found in
> > > C:/windows/system32 folder called:
> > > d3dxo.dll. Looking on the internet revels it may be a very benign virus,
> > > with limited security concerns, but... who knows.
> > >
> > > I'm using AVG which is up to date, and every time I open an explorer page
> > > I get warnings. I try to put it into a virus vault and delete, but it's
> > > always there, even after a reboot.
> > > tried deleteing in the command mode and it stated access denied.
> > > Any help is appreciated.
> > > Rob
> > > Australia.
> > >
> > >
> >
> >
> >
 
A

AVG No good useless

AVG is a useless piece of software and does nothing, maybe you have just been
lucky so far but i would bet if you ran a real anti virus program it would
find alot, just not norton

"Ckyp" wrote:

>
> "Fonz" <r@removeme.com.au> wrote:
> >I've tried unregistering the dll, but I get an error message of access
> >denied all the time. Any other ideas?
> >How do I found out what is activating the DLL?
> >Thanks again,
> >Rob.
>
> Sounds like your browser has been "highjacked". Don't you hate that!
>
> A thorough solution is to download the freeware version of "SUPERAntiSpyware":
> http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
>
> Install it, make sure it's completely up to date, then run a full system scan
> and follow the prompts. If "SAS" can't fix it, probably nothing else will.
> It completely destroys "vundo", "winfixer", and all that kind of garbage. And
> the "SAS" author keeps the program's functionality and database completely up
> to date. If you can afford the commercial version, it's probably worth it, but
> I only recommend freeware programs or program versions, so I won't be seen as
> a "spammer". Nothing worse than spammers! They're like telephone solicitors
> that used to invade our private residence while we were eating dinner. We now
> have a "no call" law here in America, but before that federal law was passed,
> we used to get three or four unsolicited calls a day... I ended up turning off
> the telephone ringers, and let our answering machine filter out calls.
>
> Anyway, there's nothing like the freeware "SpyBot" for general anti-spyware:
> http://www.spybot.info/en/download/
>
> I use AVG and SpyBot on all my computers. They're both free, and neither
> one of these programs has slowed any of my home computer systems down. I use
> "SAS" to run a full system scan once every month or so, just to make sure
> "SpyBot" hasn't missed anything. So far, so good. The real-time protection
> afforded by the freeware "SpyBot" has apparently done its job, and I
> probably average 80 hours per week working over the Internet. So I know AVG
> and SpyBot are definitely keeping my computers bug-free.
>
> Good luck.
>
> --
>
> Ckyp
>
>
 
You must log in or register to reply here.

Similar threads

O
I can't get rid of this Virus on my PC
Replies
0
Views
47
Ossumpanda
O
D
there are virus in my computer... how do i get rid of it
Replies
0
Views
15
Dheeraj Kumar1311
D
S
I can't get rid of Can not find script file "C:\Users\Public\roox.vbs."
Replies
0
Views
26
Sandra Strauss
S
F
How do I get rid of this virus that is located in powershell.exe?
Replies
0
Views
45
Fredeeeeeeeee
F
G
How to get rid of news?
Replies
0
Views
17
geekiamnot_CJ
G
Back
Top Bottom