[robertch]

I have acquired some sort of virus/ malware and have been unable to get rid of it. Running various spyware/ virus detection programs in the normal windows XP mode causes the computer to restart and a blue screen to appear citing vdnt32.sys as the problem. I have run a variety of virus programs in the safe mode with no progress on the problem. I found a post on one of the forums with what seemed to be a description of the same problem. The administrater suggested downloading and running Service Filter which I have done. I was not entirely clear where the results should be posted so I will post them here. This means nothing to me so I hope you can be of some assistance.

The script did not recognize the services listed below.
This does not mean that they are a problem.

To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"

########################################

ServiceFilter 1.1
by rand1038

Microsoft Windows XP Home Edition
Version: 5.1.2600 Service Pack 1
Mar 19, 2005 4:02:08 PM


===> Begin Service Listing <===

Unknown Service #1
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{3ee29ad4-5228-4714-a7af-527e8da5d5d7}
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

---> End Service Listing <---

There are 81 Win32 services on this machine.
1 were unrecognized.

Script Execution Time: 9.242188 seconds.

[Advertisements]

...maybe I am reading this wrong--I don't know what system filter is supposed to accomplish.

That is a legitimate file and legitimate service (dllhost)

This, vdnt32.sys, however, is not. It is a trojan horse.

Follow the directions in the pinned thread at the top of this forum:

http://www.geekstogo...o_Here-f37.html

then post a hijackthis log if still needed.

[gerryf]

...maybe I am reading this wrong--I don't know what system filter is supposed to accomplish.

That is a legitimate file and legitimate service (dllhost)

This, vdnt32.sys, however, is not. It is a trojan horse.

Follow the directions in the pinned thread at the top of this forum:

http://www.geekstogo...o_Here-f37.html

then post a hijackthis log if still needed.

[robertch]

Maybe I'm just a little slow but I'm having trouble following what you want me to do . While I have no idea what "pinned" means I am smart enough to see it written before several of the topics in the link you provided. Do you want me to open the "What to help others?" link. Where exactly should I be looking for instructions? Thanks for your patience and your help. I have also posted a HiJackThis log so we'll see what that does.

[gerryf]

read the thread:

Pinned: You Must Read This Before Posting A Hijackthis Log

Then do as you have...it helps because the pre-steps will eliminate some of the easy stuff and make fixing the harder stuff faster.