New here....literally and figuratively! :D Please help



#1
newarcher


    New Member

  • Member
  • 5 posts
Hi all,

I am new here and a moderately knowledgeable person with respect to computers. Knowledge I have, lots of time I do not. I use this PC for my Accounting and Tax business and it is tax season.

I run AVG spyware and virus protection (free version), Ad-Aware, and Spybot. For the past few days, I have been battling trojans from hadees.

The virus is reviving itself by adding an entry in the system startup as follows:
Located: HK_LM:Run, BMd3877471
command: Rundll32.exe "C:\WINDOWS\system32\btoyfsdb.dll",s
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!


I ran all the virus/spyware tools in both safe mode and in regular mode. The following viruses were found:

Trojan horse generic9.BHWU
Trojan Obfuscated mu
virtumonde.dll


Each time, I choose to clean the system and it appears to. Then, Spybot keeps popping up the message that entry BMd3877471 is trying to change a system startup global entry (even though the change has already been made). Each time I get rid of the DLL file referenced in the Spybot warning message (in safe mode or not), it comes back....this time with a different DLL name.

I am at the point where I am ready to reformat the entire system, start from scratch, and proceed. I spent all weekend chasing my tail and I am no further along. I could have rebuilt the system by now. I am not confident in working with client data or transmitting e-file returns while this is on my system.

Can someone please help?

Thanks,
New


#2
cmpm


    Member

  • Member
  • 561 posts
Unplug the net, after updating your scanning tools and before you scan and clean.

Have you used these tools?

http://www.geekstogo...-Log-t2852.html

If you have and still have the problem, post in this forum-

http://www.geekstogo...o-Here-f37.html

#3
newarcher


    New Member

  • Topic Starter
  • Member
  • 5 posts
I did most of them......thank you very much, I will do them tonight and post my results.

New

#4
newarcher


    New Member

  • Topic Starter
  • Member
  • 5 posts
Thank you for the help. Here's what I got last night.

I did the steps you gave me and it seems to have worked. First, when we created the check points and erased the previous check points previously, we didn't run the disk cleanup...which accounts for why the virus kept propagating itself.

I ran ATF cleaner and then I ran AVG spyware protection, found nothing. I performed the System Restore procedure. I then ran Superanti and I hit on 1 Vundo in memory, 5 in the registry, and 1 in the file system and I cleaned them off. I did not run Panda yet because I wanted to run AVG virus scan first before hooking the internet connection back up. I ran AVG overnight (it takes about 1.5 hours) and had it shut the system off just in case.

I am already at SP2 of Windows XP.

Tonight's plan is to review the AVG results and--assuming there will be no infections--I will then re-establish the internet connection and run Panda and HijackThis so that I can post the logs.

I will get the logs tomorrow and post them here so that the experts can verify that nothing is still amiss.

Thanks,
New

#5
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
Don't post the logs here, it is the wrong section.

If the problem remains, go over to the Malware Removal forum, read the sticky threads there, and make a topic.