-
HELP! Needed Fast Please
Hi All, This BAD Prob has Eluded me for Days...Been trying to Solve it n each time I think I've Solved it, It shows its Ugly Head..
SomeHow, SomeWhere, I have a Bad Bad Virus that is NOT being Detected....This is What's Happening n what I've Found so far...
Gonna be a Bit long...Sorry, but Please have Patience..Mine's Frayed Badly!!....lol
First off I could not DEFRAG my E: Drive...00Defrag refused, XP Pro's Diskeeper refused n Diskeeper Pro Refused...Just Won't Do a Defrag on E: Drive.....F-Secure did Not find anything n I had McAfee's running the Firewall.....Gone through my system like a Fine ToothComb, NOWT!!!
Did an online Scan n it found a Trojan---"TROJ_DELF.AR" I Deleted that un....Still could not do a Defrag on E:drive....Checked Reg so many times me Eyes Ache!! NOWT that I can Find.....
My m8 popped up n we put in a Full McAfee program that does everything...(so it says). That was at 10.00pm, finished at 2.00am n thought it was cured...Started doing same thing again 15mins later...
OK ok I'm getting there...LOL..
McAfee's found this Horrible Pest..."W32/ZAFI.B@MM", We also kept finding these "13A4169A.TMP, 109060897,109061888, 109093354, 109099503, 1090126371, MCM1.TMP".. & KILLAGENT.EXE from McAfee in C:My Documents & Settings/Name/Local Settings/Temp...I Keep Deleting those numbered files n Shredding em but they keep coming back from somewhere.....
When I Start up my Comp it loads a few things up in Quick tray at startup then STOPS DEAD, I can't do anything except Restart n Restart until I Lucky n can do anything.....Even Tried Everything I could in SAFE MODE....So far I'm in here...in virtualdr..
Not gonna close Comp today n I hope One of U will be able to HELP Me....I also found these that kept coming back after Deleting em, but now Gone.....AVP0046.Tmp, AVP0051.Tmp,AVP0052, AVP0053, V50C30a2880 n V50C30b2880..
Not sure if they were from a Virus Progy I had deleted or from a Virus itself...But they were Persistent like the Others...I have also downloaded n used the updated "Stinger.Exe" NOTHING Found!!
Perplexed!!!!! It's Obvious that there is Some Kind of Virii in my System that's well Hidden.....Do Not want to Do a Full FDisk if possible on my C: drive because it will only get back in anyway when I go on internet to do a McAfee update...So a cure beforehand would be APPRECIATED.....
I Hope to hear from you soon....THANKS.....Dennis..
-
Turn off system restore and reboot, then turn it back on. Could be your nasty is residing there, hiding until you aren't looking and resurfacing each time.
-
Hi photoLady, Thanks for popping in......I Don't Ever Never Use "System Restore" It Is Disabled.....
Next Un....!!...Thanks..
-
Have you tried using any of the online scanners? Like housecall
-
Go here and look up how to remove it properly! Symantec Link to your virus
Also note the removal tool at the bottom of the page! Run it! ;)
-
I did a Reply to this hours ago...Got Stopped by whatever it is stopping things.....
Done EveryThing Folks...HONEST!....Did that Virus scan n many others, plus did em in SAFE MODE also.....No Different...
Just Re-Formatted my E: Drive...SIGHhhhhh!!....But still the same....
Next Step is to Re-Format C:....BIGGER SIGHHHHHHHHHhhhhhhhhhhhh!!!!!..
-
RESOLVED------------ARGgghggggggggg!!!!LOL
FORMATTED the Darn thing....But Believe it or not! Whilst Updating McAfee I received a SHEDFULL of Virii n Trojans n Reg Changers etc etc etc....I could not Believe what had happened...
It Was Sickening........Took me 3 hours to clean it up....
CHEERS ALL...
-
If Ya Looking in, Any Idea as to What this is----
lwjhridi
Filename C:\WINDOWS\System32\rdijdjrx.exe
Is it OK or is it some Virus......THANKS..
-
It's nothing good. I can't find anything on it but that's not surprising since many viruses rename themselves randomly and uniquely as this one has.
Is it still there after your reformat?
-
Hi fink---This come in after Reformat.....n This BEAST keeps coming back from somewhere...probs from a progy but which un I don't know...."VX2/f" even put in a patch n it still comes back
This is from the Search with Spybot search n Destroy....
HKEY_USERS\S-1-5-21-117609710-789336058-854243398-1003\software\mxTarget
HKEY_Current USERS\Software\Microsoft\Windows\CurrentVersion\policies\explorer----Then over on left window i got these----DEFAULT REG_S2 (value not set)
NoCDBurning REG_DWORD 0x00000001 (1) and
NoDriveTypeAutoRun REG_DWORD 0x00000091 (145)
I think that last un is Spyware but not sure...
Any Help would be Grateful...If I can't solve this I will do another Format n this time check every progy straight after install...That way I be able to eliminate the Progys...Rest then will probs come in through internet whilst updating McAfee....
If anyone got this "lwjhridi
Filename C:\WINDOWS\System32\rdijdjrx.exe "
in their System32 Please let me know what it is..
-
PS---This "C:\WINDOWS\System32\rdijdjrx.exe " is to do with MSDOS....But What I do NOT know....So if it's safe, why is it being picked up..
-
Here's instructions on how to get rid of mxtarget..
http://www.pestpatrol.com/PestInfo/t/twain-tech.asp
I don't know if it's related to the rdijdjrx.exe or not but get rid of this adware and see if it goes too.
EDIT- after looking over the symantec page that JAL linked to above it appears that virus/worm creates a random eight letter .exe file... so putting 4 and 4 together it appears as though you still are infected with it. Did you go through the cleaning process as the page describes?
-
Incidentally although stinger is a good tool it is only designed to look for and fix a few certain viruses..
http://vil.nai.com/vil/stinger/
-
According to McAfee this is Not a Virus...
C:\WINDOWS\System32\rdijdjrx.exe
It's to do with MSDOS, but my M8 does not have it in his Machine...
So it's probably got installed via a progy I put in.....Other worrying thing for me is that I keep getting different Trojans n Hijackers but I not been anywhere to get em.......My Comp is Stealthed all the way n I not even Downloaded anything....
So I think They be here n being reproduced by a Program or Programs I've Installed...
Keep coming with the Cures but if I can't cure in a day or two I will ReFormat again....I have now checked all my progys with McAfee n I found two, so deleted from my CDRW......Nortons didn't find a thing..What Rubbish..Cheers n Thanks..
-
Panda ActiveScan
HouseCall Free Online Virus Scanner
eTrust AntiVirus Web Scanner
Use these for a second opinion or when you believe something has slipped by your antivirus program. They are more up to date than the 2 you talk about. Which are worthless in my book.
Do you have a firewall enabled? If not you are immediately reinfected the first time you hit the internet with a NT based OS.
http://www.microsoft.com/security/default.mspx
Have you cleaned out the index.dat files?
Windows XP - Surviving the first day
Here is an excellent article for anyone about to move to WinXP. It's a 1.2MB PDF:
http://www.sans.org/rr/papers/index.php?id=1298
-
What I find curious....is....you say you figure you will be picking up some nasties when you update McAfee.....if that's the case...why install McAfee....get Norton.....or a free version of AVG.....
-
Along with those other scanners you can also submit that single, possibly viral file here..
http://kaspersky.com/remoteviruschk.html
to see what they say about it.
I don't understand what the MSDOS reference is that you keep mentioning. You have Windows XP right?... Maybe you could explain in more specific and slower detail what you mean and where it says that file has something to do with DOS.
Have you scanned the CD's or whatever you're loading your programs from for viruses?
-
OK OK---Sorry for Double Post, but I did Title it "Double Post for Double Trouble"....First time doing it, n Thanks for Helping...
OK then.....Done ALL that U have ALL Mentioned before U popped in here to tell me....THANKS ANYWAY.....APPRECIATED....
NONE Worked, None knows what it is......
If this came from a Progy I have Installed, then Why was it not picked up before I Formated....Why only on a Clean System!?
Find it rather Puzzling.....
Anyway, I did a Scan of All my CDRs n DVD-Rs that's got saved Apps/Progs on from Internet....Nortons not find anything, F-Secure no find, But Hello!...McAfee's found 4....2 were deleted from the CDRW but 2 r on my DVD-R never to be used again...
These Got into my CLEAN PC...
The Persistent one "VX2/f" Was Very Persistent n would not Go...I say was!....Now GONE....How!..Here we Go....lol
It was Residing in Windows as "MxTarget.dll" from www.MxTarget.com....They told me How to Delete the Rugger...
Here it is for those who ever come up against it...
This is to Remove the file MxTarget.dll in Windows....it's part of this VX2/f...very persistent..
If you want to uninstall, you can do so easily through the add/remove function in your control panel. You can access your control panel by going to:
1. Start (typically, the button in the bottom left of your screen)
2. Choose SETTINGS
3. Choose CONTROL PANEL
4. Choose ADD/REMOVE PROGRAMS
5. Select mxtarget
6. Click on ADD/REMOVE
Of course we encourage you to leave it on so that you can benefit from the occasional offers that it shows you. If you need more information, or experience any technical problems, please contact us at [email protected]. We look forward to hearing from you.
In the absence of an entry in ADD/REMOVE PROGRAMS please use one of the following methods: For Windows98 and WindowsXP users:
a) To permanently disable the software click "Start" and then "Run" and type the following command which unregisters the software: "regsvr32 c:\windows\mxtarget.dll -u"
b) To completely remove the software: reboot and then Find and Delete the file mxtarget.dll.
For Windows2000, WindowsME and WindowsNT users:
a) To permanently disable the software click "Start" and then "Run" and type the following command which unregisters the software: "regsvr32 c:\winnt\mxtarget.dll -u"
b) To completely remove the software: reboot and then Find and Delete the file mxtarget.dll.
Copyright © 2003 MX-Targeting
Now that's GONE (was very very persistent) but This Remains in System32...."rdijdjrx.exe" n it's all about MSDOS....I took a Print Screen of it But How do I show U it..it is a Jpg..
When I deleted that MxTarget.dll, McAfee popped up n asked me if I want to let rdijdjrx.exe access the Internet for very first time...I said BLOCK......
That's enough for now...Over to U Good Peeps....THANKS..
-
To attach a jpg/file when you post look below the window you're typing in and you'll see "ATTACH FILE" and then a button that says "browse". Browse to the jpg and click ok. That will include the jpg in that post.
For future reference and to make things easier for us to help you could you please try to not use all caps and abbreviations? Some of us are having trouble deciphering your posts :(
-
Well fink My Friend....In All the time I've been a Member U be the Only one to complain about me n my Use of CAPS n trouble with deciphering my posts.......
I use Caps to Emphasize something..example---THANKS, it shows you my Appreciation for all the HELP U have ALL given me....
Plain English i thought....
Thanks for showing me how to post a Jpg.......
PROBLEM SOLVED............
After going back n forth Normal Mode & Safe Mode on numerous occasions I found that these three (nvms.dll--mscb.dll--msbe.dll) were associated with nls.dll Module that comes from these IDIOTS.."Company Exact Advertising"...
rdijdjrx.exe----is a disguise for this piece of Rubbish..(Golden Palace Casino) from ww-.callinghome.biz & was Hiding in
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Run\qucswpizrb
This (qucswpizrb) is a disguise for this idiot I could not Delete---(rdijdjrx.exe) <this was disguising itself as an MS-DOS application. So if anyone else gets this they now know how to Delete it.......Because of its disguise my SpyBot n Others could not find it...If it was its usual Golden Palace it would have been found instantly.....I have LEARNT a HARD lesson....But have also learnt how to do changes n Deletes in the REG.,...Got Lots to Learn Yet.
Will let you all know later on if the problem is fully resolved or if it keeps coming back.......THANKS n Take Care.....Dennis
-
ALL Systems R GO........Fully Clean n Reved Up....
Take Care all.....THANKS..
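-
The thread's two decisive clues were that the friend's clean machine had no such file and that both the autorun value (qucswpizrb) and the file it launched (rdijdjrx.exe) had random-looking names. The sketch below is an added example, not something posted in the thread: it diffs the text of `reg query` on the standard `HKLM\Software\Microsoft\Windows\CurrentVersion\Run` key from a suspect machine against the same dump from a known-clean one and ranks what is left. The dumps, the ExampleAV and ExampleApp entries and the vowel-ratio heuristic are constructed assumptions.

```python
import re

# One value line of `reg query` output: name, type, data.
VALUE_RE = re.compile(r"^\s+(.+?)\s+(?:REG_SZ|REG_EXPAND_SZ)\s+(.*)$")
# File stem of the first .exe/.dll named in a command line.
IMAGE_RE = re.compile(r'([^\\/"\s]+)\.(?:exe|dll)', re.IGNORECASE)

# Constructed samples: Run key of a known-clean machine and of the suspect one.
CLEAN = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon    REG_SZ    C:\WINDOWS\System32\ctfmon.exe
    AVAgent    REG_SZ    "C:\Program Files\ExampleAV\avagent.exe" /startup
"""
SUSPECT = CLEAN + r"""    Updater    REG_SZ    C:\Program Files\ExampleApp\updater.exe
    qucswpizrb    REG_SZ    C:\WINDOWS\System32\rdijdjrx.exe
"""

def parse_run_values(reg_output):
    """Map value name -> command line for every string value in the dump."""
    values = {}
    for line in reg_output.splitlines():
        m = VALUE_RE.match(line)
        if m:
            values[m.group(1)] = m.group(2).strip()
    return values

def looks_random(token):
    """Heuristic only: letters only, 6+ characters, at most a quarter vowels."""
    if not token.isalpha() or len(token) < 6:
        return False
    return sum(ch in "aeiou" for ch in token.lower()) / len(token) <= 0.25

def triage(suspect_output, clean_output):
    """Return autoruns absent from the clean baseline, most suspicious first."""
    clean = {(n.lower(), c.lower()) for n, c in parse_run_values(clean_output).items()}
    findings = []
    for name, command in parse_run_values(suspect_output).items():
        if (name.lower(), command.lower()) in clean:
            continue  # identical entry exists on the clean machine
        image = IMAGE_RE.search(command)
        score = looks_random(name) + looks_random(image.group(1) if image else "")
        findings.append({"value": name, "command": command, "random_names": score})
    return sorted(findings, key=lambda f: -f["random_names"])

if __name__ == "__main__":
    for f in triage(SUSPECT, CLEAN):
        print(f["random_names"], f["value"], "->", f["command"])
```

The baseline diff runs before the name heuristic because short legitimate names such as ctfmon are also vowel-poor and would otherwise be flagged.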