AppData\Temp\ddaby.exe

  #1 (permalink)  
Old 02-03-2008
 

Join Date: Feb 2008
Posts: 7
theparkers is on a distinguished road
Thanks: 0
Thanked 0 Times in 0 Posts
AppData\Temp\ddaby.exe
When Windows starts up I get C:\Users\THEPAR~1\AppData\Temp\ddaby.exe coming up on my screen and it asks me to fix or get rid of it. Can anyone tell me how to get rid of it? (I think it is a virus, is it?) Please help. Note I am not very technical with computers, so if anyone can help you will need to treat me like a baby (real simple). Thank you.
  #2 (permalink)  
Old 02-04-2008
Paul's Avatar
Moderator
 

Join Date: Feb 2007
Location: wicklow mts
Posts: 10,488
Paul will become famous soon enough
Thanks: 1
Thanked 7 Times in 7 Posts
Hi theparkers

Welcome aboard. The file ddaby.exe is associated with the trojan Vundo and Dropper.Agent.GIT. First off, try this Vundo removal tool (read the instructions before clicking download): Trojan.Vundo Removal Tool - Symantec.com, and let us know how you get on.

Regards

Paul
  #3 (permalink)  
Old 02-06-2008
 

Join Date: Feb 2008
Posts: 7
theparkers is on a distinguished road
Thanks: 0
Thanked 0 Times in 0 Posts
AppData\Temp\ddaby.exe (Removal Tool)
Hi Paul,

I really appreciate your help, but I have downloaded the removal tool and now it's saying it's not there, but when I start up Windows again it is there to haunt me again, telling me to remove it, so now I have no idea???? Please, if you have any other suggestions I would really look forward to hearing from you or anyone else that might know. Thank you.
  #4 (permalink)  
Old 02-06-2008
 

Join Date: Feb 2008
Posts: 7
theparkers is on a distinguished road
Thanks: 0
Thanked 0 Times in 0 Posts
AppData\Temp\ddaby.exe (URGENT HELP)
Hi Paul or anyone who can help please,

I have now been removed as the administrator when I try to use the removal tool, which to me means it has really got to my system now. I downloaded SpyHunter3 and it is saying I have lots of infections. Should I register, and will it get rid of it, or is there something else I need to do? I have Norton but that doesn't seem to be doing anything. I will not be using this computer to read my emails as I think it is too risky; I'll do it through the web at work. I think this is my only way to communicate with you. Please, if there is anything you can do, thank you.
  #5 (permalink)  
Old 02-06-2008
 

Join Date: Feb 2008
Posts: 4
Darryl_Licht is on a distinguished road
Thanks: 0
Thanked 0 Times in 0 Posts
Try researching this trojan horse virus (vundo) at Virus, Spyware, Internet Protection | Security Response - Symantec Corp.

You don't have antivirus software??? If you don't, it's the same thing as walking down a dirty inner city alley and jabbing used hypodermic needles into your arm! Sooner or later you are going to catch something nasty!

If you need antivirus try avgfree from Grisoft... its free and it works!
  #6 (permalink)  
Old 02-07-2008
 

Join Date: Feb 2008
Posts: 7
theparkers is on a distinguished road
Thanks: 0
Thanked 0 Times in 0 Posts
AppData\Temp\ddaby.exe (anti virus)
Hi Darryl

Yes, I do have Norton, thanks anyway.
I just can't get rid of Vundo and Norton isn't doing it.
  #7 (permalink)  
Old 02-07-2008
 

Join Date: Feb 2008
Posts: 4
Darryl_Licht is on a distinguished road
Thanks: 0
Thanked 0 Times in 0 Posts
Hi theparkers:

This is a long one, but I went to sarc.com and found the removal instructions for your vundo trojan virus.


Discovered: November 20, 2004
Updated: February 13, 2007 12:30:10 PM
Also Known As: Vundo [McAfee], Vundo.dldr [McAfee]
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


Removal using the Removal Tool
Symantec Security Response has developed a removal tool to clean the infections of Trojan.Vundo. This is the preferred method in most cases.

Manual Removal
The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

Disable System Restore (Windows Me/XP).
Update the virus definitions.
Restart the computer in Safe mode or VGA mode.
Run a full system scan and delete all the files detected as Trojan.Vundo.
Reverse the changes made to the registry.

For details on each of these steps, read the following instructions.

1. To disable System Restore (Windows Me/XP)
If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.

Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.

Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.

For instructions on how to turn off System Restore, read your Windows documentation, or one of the following articles:
"How to disable or enable Windows Me System Restore"
"How to turn off or turn on Windows XP System Restore"


Note: When you are completely finished with the removal procedure and are satisfied that the threat has been removed, re-enable System Restore by following the instructions in the aforementioned documents.

For additional information, and an alternative to disabling Windows Me System Restore, see the Microsoft Knowledge Base article, "Antivirus Tools Cannot Clean Infected Files in the _Restore Folder," Article ID: Q263455.

2. To update the virus definitions
Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:

Running LiveUpdate, which is the easiest way to obtain virus definitions: These virus definitions are posted to the LiveUpdate servers once each week (usually on Wednesdays), unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate).
Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted daily. You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to the Virus Definitions (Intelligent Updater).

The Intelligent Updater virus definitions are available: Read "How to update virus definition files using the Intelligent Updater" for detailed instructions.

3. To restart the computer in Safe mode or VGA mode

Shut down the computer and turn off the power. Wait for at least 30 seconds, and then restart the computer in Safe mode with Command Prompt or VGA mode.
For Windows 95, 98, Me, 2000, or XP users, restart the computer in Safe mode. For instructions, read the document, "How to start the computer in Safe Mode."
For Windows NT 4 users, restart the computer in VGA mode.

4. To scan for and delete the infected files
Start your Symantec antivirus program and make sure that it is configured to scan all the files.
For Norton AntiVirus consumer products: Read the document, "How to configure Norton AntiVirus to scan all files."
For Symantec AntiVirus Enterprise products: Read the document, "How to verify that a Symantec Corporate antivirus product is set to scan all files."
Run a full system scan.
If any files are detected as infected with Trojan.Vundo, click Delete.

5. To reverse the changes made to the registry


Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.


Click Start > Run.
Type regedit

Then click OK.


Navigate to the keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLEvents.ATLEvents\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLEvents.ATLEvents.1\CLSID


In the right pane, delete the value:

"[Default value]" = "{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}"


Navigate to the key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce


If it exists, in the right pane, delete the value:

"*WinLogon" = "[Trojan full path file name] ren time:[random number]"


Navigate to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce


If it exists, in the right pane, delete the value:

"*[Trojan file name]" = "[Trojan full path file name] rerun"


Navigate to the key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\


If it exists, in the right pane, delete the value:

"*[Trojan file name]" = "[Trojan full path file name]"


Navigate to and delete the following registry entries:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\ActiveState
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2353FCBC-012D-487B-8BF3-865C0929FBEB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLDistrib.ATLDistrib\CLSID\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLDistrib.ATLDistrib.1\CLSID\
HKEY_USERS\S-1-5-21-2068663838-1736639611-1443527720-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2353FCBC-012D-487B-8BF3-865C0929FBEB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22E85F2A-4A67-4835-B2C3-C575FE4EC322}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ADOUsefulNet.ADOUsefulNet
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ADOUsefulNet.ADOUsefulNet.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22E85F2A-4A67-4835-B2C3-C575FE4EC322}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE8BDE42-16D9-4CCC-9F4F-1C3167B82F60}
HKEY_CLASSES_ROOT\CLSID\{DE8BDE42-16D9-4CCC-9F4F-1C3167B82F60}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DPCUpdater.DPCUpdater
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DPCUpdater.DPCUpdater.1


Exit the Registry Editor.


Restart the computer in Normal mode. For instructions, read the section on returning to Normal mode in the document, "How to start the computer in Safe Mode."
Reply With Quote
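
A read-only way to check the persistence points this thread revolves around (a startup entry launching ddaby.exe from AppData\Temp, and the Browser Helper Object CLSIDs in the removal steps quoted in post #7), as an added example that is not part of any forum post or of Symantec's instructions. It parses the text of a `reg export`; the sample export, the value names in it and the function name `audit` are constructed for illustration.

```python
import re

# BHO CLSIDs named in the removal instructions quoted in post #7.
VUNDO_BHO_CLSIDS = {
    "{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}",
    "{22E85F2A-4A67-4835-B2C3-C575FE4EC322}",
    "{DE8BDE42-16D9-4CCC-9F4F-1C3167B82F60}",
}
AUTORUN = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)
BHO = re.compile(r"\\Explorer\\Browser Helper Objects\\(\{[0-9A-F-]+\})$", re.I)
TEMP = re.compile(r"\\(AppData\\(Local\\)?Temp|Local Settings\\Temp)\\", re.I)
VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)="((?:[^"\\]|\\.)*)"$')

def audit(reg_text):
    """Return (kind, key, detail) findings from `reg export` text."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            m = BHO.search(key)
            if m and m.group(1).upper() in VUNDO_BHO_CLSIDS:
                findings.append(("bho", key, m.group(1).upper()))
            continue
        m = VALUE.match(line)
        if key and m and AUTORUN.search(key):
            # .reg string data escapes backslash and quote with a backslash
            data = re.sub(r"\\(.)", r"\1", m.group(2))
            if TEMP.search(data):  # autorun launching from a Temp directory
                findings.append(("autorun-from-temp", key, data))
    return findings

# Constructed sample export (not taken from the poster's machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"
"*ddaby"="C:\\Users\\THEPAR~1\\AppData\\Temp\\ddaby.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"*WinLogon"="C:\\Users\\THEPAR~1\\AppData\\Local\\Temp\\ddaby.exe ren time:12345"
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

Files written by `reg export` are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `audit`.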
  #8 (permalink)  
Old 02-08-2008
Steve's Avatar
Moderator
 

Join Date: Sep 2006
Location: Emerald Isle
Posts: 88,334
Steve has a brilliant future
Thanks: 24
Thanked 178 Times in 45 Posts
Hi theparkers,

can you go to Trend Micro HouseCall - Free Online Virus and Spyware Scan - Trend Micro USA and run a scan.

Also can you download a program called Hijackthis from http://www.merijn.org/files/HiJackThis_v2.exe and follow the quickstart at HijackThis - Quick Start! | What the Tech

Please post the contents of the Hijackthis log here and we can take it step by step from there,

regards

Steve
  #9 (permalink)  
Old 02-16-2008
 

Join Date: Feb 2008
Posts: 7
theparkers is on a distinguished road
Thanks: 0
Thanked 0 Times in 0 Posts
too late
Hi Steve

I'm back on line now, and I'm sorry I didn't get a chance to try your suggestions, because when I spoke to a friend who has had this Vundo he said he couldn't get rid of it and had to restore his program or something like that, and he said I should ring the company I bought my computer from, which I did. They told me to back up onto disc what I could and to restart my computer and press F10 and follow the prompts, which I did, but because, well, I think because I also had Linux SUSE 10.3 (which isn't bad if you can understand it), well, anyhow, it wouldn't work, so I had to take my computer in to be reinstalled and, as you would know, that worked but was costly. I really appreciate the help that everyone has tried to give me. A thumbs up to Vistaheads.