Re: New Virus hiding in OS?



From: "gimmyagame" <gimmyagame@xxxxxxxx>

| Running Win2000 SP4 with all the updates. McAfee 10 with current DAT
| file.
|
| Noticed my computer a little sluggish, then downright slow. Looked in
| Task Manager to find dllhost32.exe running 5 instances and using 100%
| CPU. Every time I closed these, computer would return to normal until I
| opened another app such as IE or Nero. Then two instances would appear
| of the application, one real and one fake, then shortly after another
| dllhost32.exe, which seemed to spawn new instances of dllhost32.exe.
|
| Tried McAfee, AVG, Ad Aware, Spyware Doctor, and many others with no
| luck even being told there was an issue on my computer. I uninstalled
| the .net framework after 8 hours of hoping to remove this, after
| reading another post where this seemed to fix his issue, it seemed to
| work. Except now all of my shortcuts in the program list, quick launch
| or desktop were no longer valid; this "virus" had changed them to, for
| example, "C:\Program Files\XviD\Data\resources\StatsReader.exe"; the
| Data\resources doesn't belong.
|
| I use two different logons on this machine, one for personal and one for
| work; when I changed users, same problem again. This time I unprotected
| hidden OS files and located dllhost32.exe on the root of C, deleted it,
| and in every program file folder it had a hidden OS file
| Data/Resources/. I have now deleted all of these hidden data files and the
| issue has stopped.
|
| Any thoughts here
|
| Thanks in advance
|
| D

dllhost32.exe is NOT legitimate and could be a BOT such as the AGOBot.
This may be a NEW variant.


Please submit a sample of "dllhost32.exe" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@xxxxxxxxxxxxxx?subject=SCAN

When you get the report, please post back the exact results.


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
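
Added example (not part of the original post and not part of Multi_AV): a read-only Python sweep for the on-disk signs described in the quoted report, namely a file named dllhost32.exe and Data\resources folders under program directories, plus a check for shortcut targets routed through Data\resources. The sample tree is constructed, and shortcut targets are assumed to have been exported as plain strings by some other means.

```python
import os
import tempfile
from pathlib import PureWindowsPath

SUSPECT_EXE = "dllhost32.exe"          # file name reported in the post
SUSPECT_TAIL = ("data", "resources")   # folder pair reported in the post
BOTH = 0x2 | 0x4                       # FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM

def retargeted(target):
    """True if a shortcut target runs an .exe directly from ...\\Data\\resources\\."""
    parts = [p.lower() for p in PureWindowsPath(target).parts]
    return len(parts) >= 3 and parts[-1].endswith(".exe") and tuple(parts[-3:-1]) == SUSPECT_TAIL

def sweep(root):
    """Walk root; return (suspect exe paths, [(Data\\resources dir, hidden+system?)])."""
    exes, found = [], []
    for cur, dirs, files in os.walk(root):
        exes += [os.path.join(cur, f) for f in files if f.lower() == SUSPECT_EXE]
        if os.path.basename(cur).lower() != SUSPECT_TAIL[0]:
            continue
        for d in dirs:
            if d.lower() == SUSPECT_TAIL[1]:
                path = os.path.join(cur, d)
                # st_file_attributes exists only on Windows; treated as 0 elsewhere
                attrs = getattr(os.stat(path), "st_file_attributes", 0)
                found.append((path, (attrs & BOTH) == BOTH))
    return exes, found

def build_sample_tree():
    """Constructed layout mimicking the post's description (empty placeholders only)."""
    root = tempfile.mkdtemp(prefix="sweep_demo_")
    os.makedirs(os.path.join(root, "Program Files", "XviD", "Data", "resources"))
    os.makedirs(os.path.join(root, "Program Files", "Nero"))
    open(os.path.join(root, "dllhost32.exe"), "w").close()
    return root

if __name__ == "__main__":
    exes, found = sweep(build_sample_tree())
    for path in exes:
        print("suspect file:", path)
    for path, hidden_system in found:
        # A match is a lead for review, not a verdict: a program may ship its own Data\resources.
        print("suspect folder:", path, "(hidden+system)" if hidden_system else "")
    for target in (r"C:\Program Files\XviD\Data\resources\StatsReader.exe",  # from the post
                   r"C:\Program Files\XviD\StatsReader.exe"):                # constructed
        print("retargeted" if retargeted(target) else "ok", target)
```

To sweep a real drive, call sweep() on the drive root from an account that can read hidden and system folders.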

