Help again!!!!

Comments

  • itsbeef
    itsbeef Posts: 801 Forumite
    that should read Win32: Dumador-G

    shouldn't have a smiley on it
  • Does AVAST clean it?

    What's the name of the scumware, the smiley seems to cover up part of the name.
  • albertross_2
    albertross_2 Posts: 8,932 Forumite
    Did you do it in safe mode? Was this the filename?

    c:\windows\dvpd.dll
    Ever get the feeling you are wasting your time? :rolleyes:
  • albertross_2
    albertross_2 Posts: 8,932 Forumite
    Are any of these files on your PC?

    Backdoor.Win32.Dumador.g
    port: 1000, 1001, 2283 TCP

    dropped files:
    c:\Documents and Settings\%user%\Start Menu\Programs\Startup\rundllw.exe
    size: 24,600 bytes

    c:\WINDOWS\dllreg.exe
    size: 24,600 bytes

    c:\WINDOWS\guid32.dll (Trojan-Spy.Win32.SilentLog.a)
    size: 4,096 bytes

    c:\WINDOWS\rundllx.sys
    size: 26 bytes

    c:\WINDOWS\system32\load32.exe
    size: 24,600 bytes

    c:\WINDOWS\system32\vxdmgr32.exe
    size: 24,600 bytes

    startup:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
    Old data: Explorer.exe
    New data: explorer.exe C:\WINDOWS\System32\vxdmgr32.exe

    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "run"
    Data: C:\WINDOWS\dllreg.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "load32"

    have you gone to bed?
    Ever get the feeling you are wasting your time? :rolleyes:
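
Added example, not part of any post in this thread: a read-only PowerShell check for the dropped files and startup entries listed in the post above. It assumes `%user%` in that post means the profile of the account running the script; the function name `Get-RegValue` is made up for this example.

```powershell
# Read-only check for the Backdoor.Win32.Dumador.g indicators quoted in the post above.
# File paths, sizes and registry values come from that post; nothing is modified.
# Assumption: %user% in the post is the profile of the account running this script.
$files = @(
    @{ Path = (Join-Path $env:USERPROFILE 'Start Menu\Programs\Startup\rundllw.exe'); Size = 24600 },
    @{ Path = "$env:windir\dllreg.exe";            Size = 24600 },
    @{ Path = "$env:windir\guid32.dll";            Size = 4096  },
    @{ Path = "$env:windir\rundllx.sys";           Size = 26    },
    @{ Path = "$env:windir\system32\load32.exe";   Size = 24600 },
    @{ Path = "$env:windir\system32\vxdmgr32.exe"; Size = 24600 }
)

$hits = @()
foreach ($f in $files) {
    # -Force so hidden and system files are also seen
    $item = Get-Item -LiteralPath $f.Path -Force -ErrorAction SilentlyContinue
    if ($item) {
        $note = if ($item.Length -eq $f.Size) { 'size matches the post' } else { "size $($item.Length) differs" }
        $hits += "FILE  $($f.Path) ($note)"
    }
}

# Hypothetical helper: returns $null when the key or the value does not exist.
function Get-RegValue($Key, $Name) {
    (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue).$Name
}

# Winlogon "Shell": the post gives Explorer.exe as the old (clean) data,
# so anything appended after it is reported. -ne is case-insensitive.
$shell = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' 'Shell'
if ($shell -and $shell.Trim() -ne 'explorer.exe') {
    $hits += "REG   Winlogon Shell = '$shell' (expected Explorer.exe only)"
}

# Per-user "run" value under ...\Windows NT\CurrentVersion\Windows
$run = Get-RegValue 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows' 'run'
if ($run) { $hits += "REG   HKCU Windows run = '$run'" }

# Machine-wide Run entry named load32
$load32 = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' 'load32'
if ($load32) { $hits += "REG   HKLM Run load32 = '$load32'" }

if ($hits.Count) { $hits } else { 'None of the indicators from the post were found.' }
```

The three registry values are all startup locations, so a file removed by a scan can be started again at the next logon while any of them still points at a surviving copy.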
  • albertross - no response from itsbeef in 20-30 mins...it's gone very quiet in here!

    ;)
  • itsbeef
    itsbeef Posts: 801 Forumite
    Ran a full scan through Avast and Win32.Dumador.g was deleted

    rebooted and Win32.Dumador.g has re-appeared
  • itsbeef is still showing as online...maybe he's fallen asleep at the keyboard!
  • itsbeef
    itsbeef Posts: 801 Forumite
    now have DCOM-exploit coming up as being detected by AVAST??
  • itsbeef
    itsbeef Posts: 801 Forumite
    and LSASS Exploit keeps being blocked by AVAST

    ??
  • albertross_2
    albertross_2 Posts: 8,932 Forumite
    Did you do it in safe mode (F8 at startup). If not, try it..

    P.S. If you are going to bed, please tell us... first..
    Ever get the feeling you are wasting your time? :rolleyes:
This discussion has been closed.