Trojan.generic.1027635
Since last week, my computer became infected with malware and trojans that BitDefender promptly identified, but could do nothing about.
Today, I was able to delete all but one - most of which I was able to delete after adding them to the quarantine and sending them into the lab. However, this one still remains and I know where it is - C:\Windows\System32\d3dramp32.dll - but I cannot delete it; Unlocker can't even help me. I was in safe mode, I have used msconfig in both regular and safe mode but it keeps popping up. Please help me, I am so sick and tired of going through the same steps over and over with no success!!! Here is my HijackThis file:
Logfile of HijackThis v1.99.1
Scan saved at 6:41:31 PM, on 11/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
\BITDEF~1.2\bdmcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
\BitDefender Professional Edition 7.2\vsserv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\WindowsXP-KB905474-ENU-x86.exe
e:\7bb0a4fc24e66892d1a99164\update\update.exe
\hijackthis\HijackThis.exe
e:\7bb0a4fc24e66892d1a99164\wgatray.exe
O4 - HKLM\..\Run: [bDMCon] \BITDEF~1.2\bdmcon.exe
O4 - HKLM\..\Run: [bDNewsAgent] \BitDefender Professional Edition 7.2\bdnagent.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - AppInit_DLLs: sockspy.dll,C:\WINDOWS\System32\d3dramp32.dll
O20 - Winlogon Notify: 58625298502 - C:\WINDOWS\System32\d3dramp32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - \BitDefender Professional Edition 7.2\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Comments
-
Nothing is wrong with your HijackThis log except for the file you just named. You can try running another HijackThis scan and, when it finishes, check the checkbox next to
O20 - Winlogon Notify: 58625298502 - C:\WINDOWS\System32\d3dramp32.dll (file missing)
Press Fix. See if that helps.
-
Please post another log made with Hijackthis 2.0.2
-
Hi - when I select the file and type Fix, nothing happens. The list clears in its entirety and when I re-scan the files still show up.
Here is a new log in v2.0.2 as suggested. Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:49:31 PM, on 11/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
\BITDEF~1.2\bdmcon.exe
C:\WINDOWS\system32\ctfmon.exe
\BitDefender Professional Edition 7.2\vsserv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [bDMCon] \BITDEF~1.2\bdmcon.exe
O4 - HKLM\..\Run: [bDNewsAgent] \BitDefender Professional Edition 7.2\bdnagent.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\d3dramp32.dll
O20 - Winlogon Notify: 58625298502 - C:\WINDOWS\System32\d3dramp32.dll (file missing)
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - \BitDefender Professional Edition 7.2\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
-
Scan again with HijackThis and check the little checkbox next to
O20 - Winlogon Notify: 58625298502 - C:\WINDOWS\System32\d3dramp32.dll (file missing)
and press Fix.
If the files are still there, then report back.
-
I tried it 3 times just now...I hit 'fix checked' and a warning box pops up saying:
Fix 1 selected items? This will permanently delete and/or repair what you selected.
So I hit Yes and the screen clears. I hit scan again and the file is STILL there.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:40 PM, on 12/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
\BitDefender Professional Edition 7.2\vsserv.exe
d:\bitdef~1.2\bdmcon.exe
d:\bitdef~1.2\bdlite.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Autoruns\autoruns.exe
\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - \Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [bDMCon] \BITDEF~1.2\bdmcon.exe
O4 - HKLM\..\Run: [bDNewsAgent] \BitDefender Professional Edition 7.2\bdnagent.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - \Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - \Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - Winlogon Notify: 58625298502 - C:\WINDOWS\System32\d3dramp32.dll (file missing)
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - \BitDefender Professional Edition 7.2\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 3019 bytes
-
Maybe it's time to use ComboFix.
Read this guide carefully: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
and after finishing,
download ComboFix and run it. The article should include the download link.
-
Thank you VirusPING.
I read the tutorial on ComboFix, downloaded the program, watched it delete a few files and restart my computer, and then when BitDefender came on it told me I still had the virus!!!!!!!!
So, I was going through some other topics in this particular forum and saw an answer you gave to someone else about using File Assassin. Well believe it or not, that worked, it got rid of my virus. I had previously installed the Unlocker program, which of course is similar, but it could not remove this pesky thing.
File assassin is my new best friend. Thanks for your help and advice.
A further restart, virus scan and a HijackThis log showed no sign of the d3dramp32.dll file that has been plaguing me! Hopefully this is the last malware I will get for some time.
-
You're welcome
-
Download Malwarebytes' Anti-malware from here:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Once the download is complete, run the install program, and accept all of the default options. Make sure that the options to Update and Launch the software are checked when you click Finish.
Now, let's make sure that it has all of the latest anti-spyware definitions: click on the Update tab and click the Check for Updates button.
After the updates have been loaded, click on the Scanner tab and choose the Perform Complete Scan option, then click the Scan button.
When the scan is complete, it will show you all of the potentially harmful files on your computer - click the button to remove them automatically.
Paste the scan log here.
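The three HijackThis logs posted in this thread can be compared mechanically to see which O20 autostart mechanisms still reference d3dramp32.dll after each "Fix" attempt. The following is an added example, not part of any post in the thread; the function names are hypothetical and the sample lines are the O20 entries copied from the logs above.

```python
import re

# O20 lines copied from the three HijackThis logs posted in this thread.
SCANS = {
    "11/16/2008": r"""
O20 - AppInit_DLLs: sockspy.dll,C:\WINDOWS\System32\d3dramp32.dll
O20 - Winlogon Notify: 58625298502 - C:\WINDOWS\System32\d3dramp32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
""",
    "11/30/2008": r"""
O20 - AppInit_DLLs: C:\WINDOWS\System32\d3dramp32.dll
O20 - Winlogon Notify: 58625298502 - C:\WINDOWS\System32\d3dramp32.dll (file missing)
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
""",
    "12/3/2008": r"""
O20 - Winlogon Notify: 58625298502 - C:\WINDOWS\System32\d3dramp32.dll (file missing)
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
""",
}

APPINIT = re.compile(r"^O20 - AppInit_DLLs: (.+)$")
NOTIFY = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+?)( \(file missing\))?$")

def parse_o20(log_text):
    """Return (mechanism, key name, path, file_missing) for every O20 line."""
    found = []
    for line in log_text.splitlines():
        m = APPINIT.match(line.strip())
        if m:
            # The AppInit_DLLs value is a space- or comma-delimited DLL list.
            for dll in filter(None, re.split(r"[,\s]+", m.group(1))):
                found.append(("AppInit_DLLs", None, dll, False))
            continue
        m = NOTIFY.match(line.strip())
        if m:
            found.append(("Winlogon Notify", m.group(1), m.group(2), bool(m.group(3))))
    return found

def references(log_text, dll_name):
    """Mechanisms whose target file name equals dll_name (case-insensitive)."""
    return sorted({mech for mech, _, path, _ in parse_o20(log_text)
                   if path.rsplit("\\", 1)[-1].lower() == dll_name.lower()})

def timeline(scans, dll_name):
    return {date: references(text, dll_name) for date, text in scans.items()}

if __name__ == "__main__":
    for date, mechs in timeline(SCANS, "d3dramp32.dll").items():
        print(date, mechs or "no O20 reference")
```

On these excerpts the AppInit_DLLs reference is present in the first two scans and absent from the third, while the Winlogon Notify entry appears in all three.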