Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

vtd_16.exe


  • Please log in to reply

#1
DarkSaturn

DarkSaturn

    New Member

  • Member
  • Pip
  • 1 posts
Trend micro seems to suggest its part of Haxdoor.BA.

It launches itself at start-up, zone alarm alerted me to it trying to act as a server.

vtd_16.exe is located in C:\Windows\System32

Its somehow managing to hide itself, the file can only be seen in safe mode. I tried deleting it there, the first time it let me but the file showed up again next reboot, the next time I tried to delete it in safe mode it wouldn't do so claiming another user was using the file. I was going to try and drop another file under that name in the C:\Windows\System32 to stop it from gaining ground again on the next restart only to find that any files renamed to vtd_16.exe dissapeared (was just renaming an empty .txt file, in a different directory completely) even with show all files on, trying again it wouldn't let me create another file in the directory with that name claiming it already exists.

Are there any free spyware/virus programs out there that will get rid of this?
I'm running Spyware Doctor and AVG. Neither of which will do it. Or does anybody know all the parts I will need to get rid of to stop it respawning, there must be something allowing to to be hidden.

Cheers,

Saturn
  • 0

Advertisements


#2
Koretek

Koretek

    Member

  • Member
  • PipPipPip
  • 340 posts
Hiya Saturn,
For anyone to help you we will need to see a HijackThis log, there is the latest version in our downloads section, the link is in my signature, once you have downloaded the HijackThis also follow the 4 steps outlined in my signature and then post your HijackThis log for us to examine and help you! Also in step #3 try the TDS Anti-Trojan, you only need one of those tools in step #3.

Edited by Koretek, 04 February 2005 - 09:38 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP