Anyone seen these possible virus Drivers?

From: Dave (DAnderson_at_Genify.com)
Date: 09/26/05

  • Next message: David H. Lipman: "Re: Anyone seen these possible virus Drivers?"

    Date: Mon, 26 Sep 2005 13:17:43 -0600
    Over the weekend, I got hit by a virus that caused Windows to be unable to
    reboot.

    I think it was from the site

    http://network.aptimus.com/AptiNet/HTTPHandlerServlet?pid=246136FDB3315318&destURL=http://www.ysbweb.com/install/welcome_end.html

    This was a link from some other site, and after loading this page the
    machine immediately rebooted. On the attempt to reboot, Windows got a driver
    error and again rebooted.

    After going into safe mode, a date search showed that several pieces of
    software had been installed including some drivers. A Google on the driver
    names produces NO hits which I find very unusual.

    The end result was that ysb.dll was added as a Browser Helper Object,

    11 new directories were added to Program Files. These were:

    Gooewer9
    "Pe yware"
    180searchassistant
    SurfAccuracy
    BullsEye Network
    Quick Links
    SideFind
    Power Scan
    Internet Optimizer
    YourSiteBar
    ISTsvc

    The first two directories do not produce a hit on Google!

    One of these contained npf.sys which I know about.

    More importantly, two drivers were added to C:\Windows\system32\Drivers

    These were:

    sii07nt59.sys
    vdmnmdxx9.sys

    Microsoft AntiSpyware did not detect these during a scan. It did detect 180,
    SurfAccuracy, BullsEye, SideFind, Power Scan, Internet Optimizer and YSB.

    I suspected that these were the drivers causing Windows to fail to load. I
    renamed them to .bad and was able to boot back into normal Windows. However,
    a back door (I noticed a command prompt running) caused 180, SurfAccuracy,
    BullsEye, SideFind, Power Scan, Internet Optimizer and YSB to reload.

    Has anyone else come across these two drivers? Any idea what they do?

    Thanks,

    dave anderson
    DAnderson@Genify.com
    A Microsoft Certified Partner
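
The three artefact classes Dave walks through by hand (a new Browser Helper Object, unknown .sys files dropped into System32\drivers, and fresh directories under Program Files) can be pulled together in one triage pass. The script below is an added example for this thread, not code posted by Dave or by anyone on the list; it assumes a machine with PowerShell 3.0 or later and uses a `$Since` cut-off that you set to the date of the incident. It resolves each BHO CLSID to its registered DLL, lists drivers written since the cut-off with their Authenticode status, and lists Program Files directories created since the cut-off, so the same evidence the post describes is collected in one run instead of a series of date searches.

```powershell
# Added triage example (not from the original post). Collects the three
# artefact classes described in the thread: Browser Helper Objects, recently
# written kernel drivers, and recently created Program Files directories.
# $Since is an assumed cut-off; set it to the date the machine was hit.
param(
    [datetime]$Since = (Get-Date).AddDays(-3)
)

# 1. Browser Helper Objects. Each subkey name is a CLSID; the DLL that
#    Internet Explorer actually loads is the default value under the CLSID's
#    InprocServer32 key, which is how a file such as ysb.dll becomes visible.
function Get-BrowserHelperObjects {
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $bhoKey)) { return @() }
    Get-ChildItem $bhoKey | ForEach-Object {
        $clsid  = $_.PSChildName
        $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll    = if (Test-Path $server) { (Get-ItemProperty $server).'(default)' } else { $null }
        [pscustomobject]@{
            CLSID  = $clsid
            Dll    = $dll
            Exists = [bool]($dll -and (Test-Path $dll))
        }
    }
}

# 2. Kernel drivers written since the cut-off, with Authenticode status.
#    An unsigned .sys written on the day of the incident whose name matches
#    nothing known is the file to copy off the box for analysis.
function Get-RecentDrivers {
    param([datetime]$Since)
    $dir = Join-Path $env:SystemRoot 'System32\drivers'
    Get-ChildItem $dir -Filter *.sys -File |
        Where-Object { $_.LastWriteTime -ge $Since } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature $_.FullName
            [pscustomobject]@{
                Name      = $_.Name
                Written   = $_.LastWriteTime
                Signature = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
}

# 3. Program Files directories created since the cut-off (both roots on 64-bit).
function Get-RecentProgramDirs {
    param([datetime]$Since)
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ -and (Test-Path $_) }
    Get-ChildItem $roots -Directory |
        Where-Object { $_.CreationTime -ge $Since } |
        Select-Object FullName, CreationTime
}

'== Browser Helper Objects =='
Get-BrowserHelperObjects | Format-Table -AutoSize
"== Drivers written since $Since =="
Get-RecentDrivers -Since $Since | Format-Table -AutoSize
"== Program Files directories created since $Since =="
Get-RecentProgramDirs -Since $Since | Format-Table -AutoSize
```

Run it from an elevated prompt, ideally from Safe Mode as Dave did, so that whatever reloaded the components is not running while you look. On 64-bit Windows a 32-bit BHO is registered under `HKLM:\SOFTWARE\Wow6432Node\...\Browser Helper Objects` as well, so repeat the first query against that key. A `Signature` of `NotSigned` on a driver is not proof of malice on its own (plenty of legitimate drivers from that era were unsigned), but combined with a write time matching the incident and a name with no search hits it is the strongest lead the post gives for the two .sys files.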

