HELP! Needed Fast Please

[scarecrowdr]

Hi All, This BAD Prob has Eluded me for Days...Been trying to Solve it n each time I think I've Solved it, It shows its Ugly Head..

SomeHow, SomeWhere, I have a Bad Bad Virus that is NOT being Detected....This is What's Happening n what I've Found so far...
Gona be a Bit long...Sorry, but Please have Patiance..Mines Frayed Badly!!....lol

First off I could not DEFRAG my E: Drive...00Defrag refused, XP Pro's Diskeeper refused n Diskeeper Pro Refused...Just Won't Do a Defrag on E: Drive.....F-Secure did Not find anything n i had Mcaffees runing the Firewall.....Gone through my system like a Fine ToothComb, NOWT!!!

Did an online Scan n it found a Trojan---"TROJ_DELF.AR" I Deleted that un....Still could not do a Defrag on E:drive....Checked Reg so many times me Eyes Ache!!NOWT that i can Find.....

My m8 poped up n we put in a Full Mcaffee program that does everything...(so it says).that was at 10.00pm, finished at 2.00am n thought it was cured...Started doing same thing again 15mins later...

OK ok I'm geting there...LOL..

Mcaffee's found this Horrible Pest..."W32/ZAFI.B@MM", We also kept finding these "13A4169A.TMP, 109060897,109061888, 109093354, 109099503, 1090126371, MCM1.TMP".. & KILLAGENT.EXE from mcaffee in C:My Documents & Settings/Name/Local Settings/Temp...I Keep Deleting those numbered files n Shredding em but they keep comeing back from somewhere.....

When I Start up my Comp it loads a few things up in Quick tray at startup then STOPS DEAD, I can't do anything except Restart n Restart untill I Lucky n can do anything.....Even Tried Everything I could in SAFE MODE....So far I'm in here...in virtualdr..
Not gona close Comp today n I hope One of U will be able to HELP Me....I also found these that kept comeing back after Deleteing em, but now Gone.....AVP0046.Tmp, AVP0051.Tmp,AVP0052, AVP0053, V50C30a2880 n V50C30b2880..
Not sure if they were from a Virus Progy I had deleted or from a Virus itself...But they were Persistant like the Others...I have also downloaded n used the updated "Stinger.Exe" NOTHING Found!!
Perplexed!!!!!It's Obvious that there is Some Kind of Virii in my System thats well Hidden.....Do Not want to Do a Full FDisk if possible on my C: drive because it will only get back in anyway when i go on internet to do a mcaffee update...So a cure before hand would be APPRECIATED.....

I Hope to hear from you soon....THANKS.....Dennis..

[photolady]

Turn off system restore and reboot, then turn it back on. Could be your nasty is residing there, hiding until you aren't looking and resurfacing each time.

[scarecrowdr]

Hi photoLady, Thanks for poping in......I Don't Ever Never Use "Systm Restore" It Is Dissabled.....
Next Un....!!...Thanks..

[photolady]

Have you tried using any of the onlince scanners? Like housecall

[J A L]

Go here and look up how to remove it properly! Symantec Link to your virus


Also note the removal tool at the bottom of the page! Run it!

[scarecrowdr]

I did a Reply to this hours ago...Got Stoped by whatever it is stoping things.....
Done EveryThing Folks...HONEST!....Did that Virus scan n many others, plus did em in SAFE MODE also.....No Different...
Just Re-Formated my E: Drive...SIGHhhhhh!!....But still the same....
Next Step is to Re-Format C:....BIGGER SIGHHHHHHHHHhhhhhhhhhhhh!!!!!..

[scarecrowdr]

RESOLVED------------ARGgghggggggggg!!!!LOL

FORMATED the Darn thing....But Believe it or not! Whilst Updateing Mcaffee I recieved a SHEDFULL of Virii n Trojans n Reg Changers etc etc etc....I could not Believe what had happened...
It Was Sickening........Took me 3 hours to clean it up....

CHEERS ALL...

[scarecrowdr]

If Ya Looking in, Any Idea as to What this is----

lwjhridi
Filename C:\WINDOWS\System32\rdijdjrx.exe

Is it OK or is it some Virus......THANKS..

[fink]

It's nothing good. I can't find anything on it but that's not surprising since many viruses rename themselves randomly and uniquely as this one has.

Is it still there after your reformat?

[scarecrowdr]

Hi fink---This come in after Reformat.....n This BEAST keeps comeing back from somewhere...probs from a progy but which un i don' know...."VX2/f" even put in a patch n it still comes back
This is from the Search with Spybot search n Destroy....

HKEY_USERS\S-1-5-21-117609710-789336058-854243398-1003\software\mxTarget

HKEY_Current USERS\Software\Microsoft\Windows\CurrentVersion\policies\explorer----Then over on left window i got these----DEFAULT REG_S2 (value not set)
NoCDBurning REG_DWORD 0x00000001 (1) and
NoDriveTypeAutoRun REG_DWORD 0x00000091 (145)

I think that last un is Spyware but not sure...

Any Help would be Gratefull...If I cant solve this i will do another Format n this time check every progy straight after install...That way I be able to eliminate the Progys...Rest then will probs come in through internet whilst updateing Mcafee....

If anyone got this "lwjhridi
Filename C:\WINDOWS\System32\rdijdjrx.exe "
in their System32 Please let me know what it is..

[scarecrowdr]

PS---This "C:\WINDOWS\System32\rdijdjrx.exe " is to do with MSDOS....But What I do NOT know....So if it's safe, why is it being picked up..

[fink]

Here's instructions on how to get rid of mxtarget..

http://www.pestpatrol.com/PestInfo/t/twain-tech.asp

I don't know if it's related to the rdijdjrx.exe or not but get rid of this adware and see if it goes too.

EDIT- after looking over the symantec page that JAL linked to above it appears that virus/worm creates a random eight letter .exe file... so putting 4 and 4 together it appears as though you still are infected with it. Did you go through the cleaning process as the page describes?

[fink]

Incidentally although stinger is a good tool it is only designed to look for and fix a few certain viruses..

http://vil.nai.com/vil/stinger/

[scarecrowdr]

According to Mcaffee this is Not a Virus...
C:\WINDOWS\System32\rdijdjrx.exe
Its to do with MSDOS, but my M8 does not have it in his Machine...
So its probably got installed via a progy i put in.....Other worrying thing for me is that I keep getting different Trojans n Hijackers but I not been anywhere to get em.......My Comp is Stealthed all the way n i not even Downloaded anything....
So I think They be here n being reproduced by a Program or Programs I've Installed...
Keep comeing with the Cures but if i cant cure in a day or two i will ReFormat again....I have now checked all my progys with Mcafee n i found two, so deleted from my CDRW......Nortons didnt find a thing..What Rubbish..Cheers n Thanks..

[Train]

Panda ActiveScan

HouseCall Free Online Virus Scanner

eTrust AntiVirus Web Scanner

Use these for a second opinion or when you believe something has slipped by your antivirus program. They are more upto date that the 2 you talk about. Which are worthless in my book.

Do you have a firewall enabled? If not you are immediately reinfected the first time you hit the internet with a NT based OS.

http://www.microsoft.com/security/default.mspx

Have you cleaned out the index.dat files?

Windows XP - Surviving the first day
Here is an excellent article for anyone about to move to WinXP. It's a 1.2MB PDF:

http://www.sans.org/rr/papers/index.php?id=1298