HELP! Needed Fast Please

Printable View

Show 40 post(s) from this thread on one page

August 24th, 2004, 08:55 AM
scarecrowdr

HELP! Needed Fast Please

Hi All, This BAD Prob has Eluded me for Days...Been trying to Solve it n each time I think I've Solved it, It shows its Ugly Head..

SomeHow, SomeWhere, I have a Bad Bad Virus that is NOT being Detected....This is What's Happening n what I've Found so far...
Gona be a Bit long...Sorry, but Please have Patiance..Mines Frayed Badly!!....lol

First off I could not DEFRAG my E: Drive...00Defrag refused, XP Pro's Diskeeper refused n Diskeeper Pro Refused...Just Won't Do a Defrag on E: Drive.....F-Secure did Not find anything n i had Mcaffees runing the Firewall.....Gone through my system like a Fine ToothComb, NOWT!!!

Did an online Scan n it found a Trojan---"TROJ_DELF.AR" I Deleted that un....Still could not do a Defrag on E:drive....Checked Reg so many times me Eyes Ache!!NOWT that i can Find.....

My m8 poped up n we put in a Full Mcaffee program that does everything...(so it says).that was at 10.00pm, finished at 2.00am n thought it was cured...Started doing same thing again 15mins later...

OK ok I'm geting there...LOL..

Mcaffee's found this Horrible Pest..."W32/ZAFI.B@MM", We also kept finding these "13A4169A.TMP, 109060897,109061888, 109093354, 109099503, 1090126371, MCM1.TMP".. & KILLAGENT.EXE from mcaffee in C:My Documents & Settings/Name/Local Settings/Temp...I Keep Deleting those numbered files n Shredding em but they keep comeing back from somewhere.....

When I Start up my Comp it loads a few things up in Quick tray at startup then STOPS DEAD, I can't do anything except Restart n Restart untill I Lucky n can do anything.....Even Tried Everything I could in SAFE MODE....So far I'm in here...in virtualdr..
Not gona close Comp today n I hope One of U will be able to HELP Me....I also found these that kept comeing back after Deleteing em, but now Gone.....AVP0046.Tmp, AVP0051.Tmp,AVP0052, AVP0053, V50C30a2880 n V50C30b2880..
Not sure if they were from a Virus Progy I had deleted or from a Virus itself...But they were Persistant like the Others...I have also downloaded n used the updated "Stinger.Exe" NOTHING Found!!
Perplexed!!!!!It's Obvious that there is Some Kind of Virii in my System thats well Hidden.....Do Not want to Do a Full FDisk if possible on my C: drive because it will only get back in anyway when i go on internet to do a mcaffee update...So a cure before hand would be APPRECIATED.....

I Hope to hear from you soon....THANKS.....Dennis..
August 24th, 2004, 09:41 AM
photolady

Turn off system restore and reboot, then turn it back on. Could be your nasty is residing there, hiding until you aren't looking and resurfacing each time.
August 24th, 2004, 09:46 AM
scarecrowdr

Hi photoLady, Thanks for poping in......I Don't Ever Never Use "Systm Restore" It Is Dissabled.....
Next Un....!!...Thanks..
August 24th, 2004, 09:53 AM
photolady

Have you tried using any of the onlince scanners? Like housecall
August 24th, 2004, 10:01 AM
J A L

Go here and look up how to remove it properly! Symantec Link to your virus

Also note the removal tool at the bottom of the page! Run it! ;)
August 24th, 2004, 04:20 PM
scarecrowdr

I did a Reply to this hours ago...Got Stoped by whatever it is stoping things.....
Done EveryThing Folks...HONEST!....Did that Virus scan n many others, plus did em in SAFE MODE also.....No Different...
Just Re-Formated my E: Drive...SIGHhhhhh!!....But still the same....
Next Step is to Re-Format C:....BIGGER SIGHHHHHHHHHhhhhhhhhhhhh!!!!!..
August 25th, 2004, 10:58 PM
scarecrowdr

RESOLVED------------ARGgghggggggggg!!!!LOL

FORMATED the Darn thing....But Believe it or not! Whilst Updateing Mcaffee I recieved a SHEDFULL of Virii n Trojans n Reg Changers etc etc etc....I could not Believe what had happened...
It Was Sickening........Took me 3 hours to clean it up....

CHEERS ALL...
August 26th, 2004, 05:24 PM
scarecrowdr

If Ya Looking in, Any Idea as to What this is----

lwjhridi
Filename C:\WINDOWS\System32\rdijdjrx.exe

Is it OK or is it some Virus......THANKS..
August 26th, 2004, 05:54 PM
fink

It's nothing good. I can't find anything on it but that's not surprising since many viruses rename themselves randomly and uniquely as this one has.

Is it still there after your reformat?
August 26th, 2004, 07:11 PM
scarecrowdr

Hi fink---This come in after Reformat.....n This BEAST keeps comeing back from somewhere...probs from a progy but which un i don' know...."VX2/f" even put in a patch n it still comes back
This is from the Search with Spybot search n Destroy....

HKEY_USERS\S-1-5-21-117609710-789336058-854243398-1003\software\mxTarget

HKEY_Current USERS\Software\Microsoft\Windows\CurrentVersion\policies\explorer----Then over on left window i got these----DEFAULT REG_S2 (value not set)
NoCDBurning REG_DWORD 0x00000001 (1) and
NoDriveTypeAutoRun REG_DWORD 0x00000091 (145)

I think that last un is Spyware but not sure...

Any Help would be Gratefull...If I cant solve this i will do another Format n this time check every progy straight after install...That way I be able to eliminate the Progys...Rest then will probs come in through internet whilst updateing Mcafee....

If anyone got this "lwjhridi
Filename C:\WINDOWS\System32\rdijdjrx.exe "
in their System32 Please let me know what it is..
August 26th, 2004, 07:18 PM
scarecrowdr

PS---This "C:\WINDOWS\System32\rdijdjrx.exe " is to do with MSDOS....But What I do NOT know....So if it's safe, why is it being picked up..
August 26th, 2004, 07:30 PM
fink

Here's instructions on how to get rid of mxtarget..

http://www.pestpatrol.com/PestInfo/t/twain-tech.asp

I don't know if it's related to the rdijdjrx.exe or not but get rid of this adware and see if it goes too.

EDIT- after looking over the symantec page that JAL linked to above it appears that virus/worm creates a random eight letter .exe file... so putting 4 and 4 together it appears as though you still are infected with it. Did you go through the cleaning process as the page describes?
August 26th, 2004, 08:24 PM
fink

Incidentally although stinger is a good tool it is only designed to look for and fix a few certain viruses..

http://vil.nai.com/vil/stinger/
August 26th, 2004, 10:58 PM
scarecrowdr

According to Mcaffee this is Not a Virus...
C:\WINDOWS\System32\rdijdjrx.exe
Its to do with MSDOS, but my M8 does not have it in his Machine...
So its probably got installed via a progy i put in.....Other worrying thing for me is that I keep getting different Trojans n Hijackers but I not been anywhere to get em.......My Comp is Stealthed all the way n i not even Downloaded anything....
So I think They be here n being reproduced by a Program or Programs I've Installed...
Keep comeing with the Cures but if i cant cure in a day or two i will ReFormat again....I have now checked all my progys with Mcafee n i found two, so deleted from my CDRW......Nortons didnt find a thing..What Rubbish..Cheers n Thanks..
August 27th, 2004, 07:43 AM
Train

Panda ActiveScan

HouseCall Free Online Virus Scanner

eTrust AntiVirus Web Scanner

Use these for a second opinion or when you believe something has slipped by your antivirus program. They are more upto date that the 2 you talk about. Which are worthless in my book.

Do you have a firewall enabled? If not you are immediately reinfected the first time you hit the internet with a NT based OS.

http://www.microsoft.com/security/default.mspx

Have you cleaned out the index.dat files?

Windows XP - Surviving the first day
Here is an excellent article for anyone about to move to WinXP. It's a 1.2MB PDF:

http://www.sans.org/rr/papers/index.php?id=1298

Show 40 post(s) from this thread on one page