Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

Virus issue, High risk

microsoft.public.windows.vista.security






Speedup My PC
Reply
  #1 (permalink)  
Old 04-19-2008
Illusion
 

Posts: n/a
Virus issue, High risk
Need any help i can get to remove ddcDwwwW.dll wich in turn contacts some web
server and downloads sevral other virus files..
Tryied to remove it before internet was turn on but no luck.
Got some files wich it downloads as soon as internet is there, but simply
cant remove that host file..
It slows down internet speed by 98% so online scanners cant reach it in time
before it activated another entry for it..
And same with the virus program, since it is in the temp dir i tryied to
only scan that dir but same result..
When the scan was done after 5 sec for temp dir the file had made 112 new
entrys linked to the file so it could not be removed..
Every time u tries to simply delete it it makes some other crappy entry and
resetts..
Virus program ref to utlrexue.dll and lvlpdtev.dll



Mail: Illusion_man79@hotmail.com
Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 04-19-2008
Carey Frisch [MVP]
 

Posts: n/a
Re: Virus issue, High risk
Cleaning a Compromised System
http://www.microsoft.com/technet/com...mt/sm0504.mspx

After reformatting your hard drive and reinstalling your operating system,
consider installing a good antivirus program, such as Windows OneCare.
You can try it absolutely FREE for 90 days.
http://onecare.live.com/standard/en-us/default.htm


--
Carey Frisch
Microsoft MVP
Windows Desktop Experience -
Windows System & Performance

---------------------------------------------------------------

"Illusion" wrote:

Need any help i can get to remove ddcDwwwW.dll wich in turn contacts some web
server and downloads sevral other virus files..
Tryied to remove it before internet was turn on but no luck.
Got some files wich it downloads as soon as internet is there, but simply
cant remove that host file..
It slows down internet speed by 98% so online scanners cant reach it in time
before it activated another entry for it..
And same with the virus program, since it is in the temp dir i tryied to
only scan that dir but same result..
When the scan was done after 5 sec for temp dir the file had made 112 new
entrys linked to the file so it could not be removed..
Every time u tries to simply delete it it makes some other crappy entry and
resetts..
Virus program ref to utlrexue.dll and lvlpdtev.dll



Mail: Illusion_man79@hotmail.com
Reply With Quote
  #3 (permalink)  
Old 04-19-2008
Malke
 

Posts: n/a
Re: Virus issue, High risk
Illusion wrote:

> Need any help i can get to remove ddcDwwwW.dll wich in turn contacts some
> web server and downloads sevral other virus files..
> Tryied to remove it before internet was turn on but no luck.
> Got some files wich it downloads as soon as internet is there, but simply
> cant remove that host file..
> It slows down internet speed by 98% so online scanners cant reach it in
> time before it activated another entry for it..
> And same with the virus program, since it is in the temp dir i tryied to
> only scan that dir but same result..
> When the scan was done after 5 sec for temp dir the file had made 112 new
> entrys linked to the file so it could not be removed..
> Every time u tries to simply delete it it makes some other crappy entry
> and resetts..
> Virus program ref to utlrexue.dll and lvlpdtev.dll


Googling for those names brings up nothing, but this is not surprising since
it is common for viruses/malware to name their files randomly. It does make
it difficult to give you pinpointed removal steps, however. You should go
through these general malware removal steps systematically -
http://www.elephantboycomputers.com/...moving_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to do
all scans in Safe Mode. Please see the special Notes regarding using
Multi_AV in Vista.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://tinyurl.com/yoeru3 - download link and more instructions

You can also check to see if there are targeted removal steps for your
malware here:
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, get guided help. Choose one of the specialty forums
listed at the first link. Register and read its posting FAQ. You will
generally be asked to:

1. Download and execute HiJack This! (HJT) -
http://www.trendsecure.com/portal/en...HJTInstall.exe

2. Disable Notepad's word wrap - In Notepad.exe; Format --> uncheck; "Word
wrap"

3. Download/run Deckard's System Scanner -
http://www.techsupportforum.com/sect...eckard/dss.exe

4. Save the scan results (Main.txt and Extra.txt)

5. And then post the contents of Main.txt and Extra.txt in your post at the
forum you chose. DO NOT POST LOGS IN THE MS NEWSGROUPS.

Standard disclaimer: I can't see and test your computer myself, so these are
just suggestions based on many years of being a professional computer tech;
suggestions based on what you've written. You should not take my
suggestions as a definitive diagnosis. If you can't do the work yourself
(and there is no shame in admitting this isn't your cup of tea), take the
machine to a professional computer repair shop (not your local equivalent
of BigComputerStore/GeekSquad). Please be aware that not all local shops
are skilled at removing malware and even if they are, your computer may be
so infested that Windows will need to be clean-installed. If possible, have
all your data backed up before you take the machine into a shop.

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!
Reply With Quote
  #4 (permalink)  
Old 04-19-2008
Illusion
 

Posts: n/a
Re: Virus issue, High risk
Got a license for a good av already but it got right throu anyhow.. (!?)
Standard Vista tools as defender didnt even see it coming either..
Defender dosnt even see it now when its infected *lol after a full scan.
It comes up to last 2 files in my first post but misses the main, wich is
the issue here.
Formatting the drive is an option sure but not some im considering since my
thread is about removing this file..
Reason : so u could keep ur current data wich not all in backup tape, and
cant rly tell if last tape is infected 2.
Formatting will only save u some painkillers but in the end u have 1 work
day in data gone..

Got some ideas from another forum wich i gonna try out before i jump in and
format, so lets see where it goes..






"Carey Frisch [MVP]" wrote:

> Cleaning a Compromised System
> http://www.microsoft.com/technet/com...mt/sm0504.mspx
>
> After reformatting your hard drive and reinstalling your operating system,
> consider installing a good antivirus program, such as Windows OneCare.
> You can try it absolutely FREE for 90 days.
> http://onecare.live.com/standard/en-us/default.htm
>
>
> --
> Carey Frisch
> Microsoft MVP
> Windows Desktop Experience -
> Windows System & Performance
>
> ---------------------------------------------------------------
>
> "Illusion" wrote:
>
> Need any help i can get to remove ddcDwwwW.dll wich in turn contacts some web
> server and downloads sevral other virus files..
> Tryied to remove it before internet was turn on but no luck.
> Got some files wich it downloads as soon as internet is there, but simply
> cant remove that host file..
> It slows down internet speed by 98% so online scanners cant reach it in time
> before it activated another entry for it..
> And same with the virus program, since it is in the temp dir i tryied to
> only scan that dir but same result..
> When the scan was done after 5 sec for temp dir the file had made 112 new
> entrys linked to the file so it could not be removed..
> Every time u tries to simply delete it it makes some other crappy entry and
> resetts..
> Virus program ref to utlrexue.dll and lvlpdtev.dll
>
>
>
> Mail: Illusion_man79@hotmail.com
>

Reply With Quote
  #5 (permalink)  
Old 04-19-2008
Mick Murphy
 

Posts: n/a
RE: Virus issue, High risk
You could try this way.
Go into Safe Mode with Networking, or just plain Safe Mode by tapping F8 at
Startup, and selecting it from the list.

Run your virus scan from in there.

If that fails, go back to your Dymanic desktop, and uninstall your
anti-virus, and install what I have listed below, Avast.

Also, install anti-spyware programs below. you can also run spybot S&D in
Safe mode.

http://service1.symantec.com/SUPPORT...05033108162039

Above is the link for Norton Removal Tool; if using Norton.

Vista’s Firewall is very good!

http://www.avast.com/eng/download-avast-home.html

Above is a link to Avast Free 4 Home Anti-Virus
It is low resource using, free and Vista 32bit and 64bit compatible.
Only have one (1) anti-virus installed; more than 1 can cause conflicts.

http://www.safer-networking.org/en/index.html

For Spyware removal, use the above link to “Spybot Search & Destroy 1.5.2”
Download it, install it, update it, immunize your system and scan your
System with it.

http://www.javacoolsoftware.com/

For a non-scanning, but running in the background, Program to STOP Spyware
being downloaded to your Computer, use SpywareBlaster 4, available at the
above link.

IMPORTANT ADVICE: After scanning with the above Programs, problems still
remain.

Reboot computer, and tap F8 at power on/ startup. From the list of options
that appears, select Safe mode by using the UP and DOWN Arrows, then hit
ENTER.

Rescan the computer in Safe mode.

--
Mick Murphy - Qld - Australia


"Illusion" wrote:

> Need any help i can get to remove ddcDwwwW.dll wich in turn contacts some web
> server and downloads sevral other virus files..
> Tryied to remove it before internet was turn on but no luck.
> Got some files wich it downloads as soon as internet is there, but simply
> cant remove that host file..
> It slows down internet speed by 98% so online scanners cant reach it in time
> before it activated another entry for it..
> And same with the virus program, since it is in the temp dir i tryied to
> only scan that dir but same result..
> When the scan was done after 5 sec for temp dir the file had made 112 new
> entrys linked to the file so it could not be removed..
> Every time u tries to simply delete it it makes some other crappy entry and
> resetts..
> Virus program ref to utlrexue.dll and lvlpdtev.dll
>
>
>
> Mail: Illusion_man79@hotmail.com

Reply With Quote
  #6 (permalink)  
Old 04-19-2008
Illusion
 

Posts: n/a
Re: Virus issue, High risk
Tnx alot.

Took me less then 60 min to get a hold of a fix, with some help of "ur" post
so tnx alot =)
Got the days data saved and formatting in progress.. (just in case)
Was little worried there for some time since ive been trying to figure this
out for the last 7h.
Finaly time to get some Zzz..




"Malke" wrote:

> Illusion wrote:
>
> > Need any help i can get to remove ddcDwwwW.dll wich in turn contacts some
> > web server and downloads sevral other virus files..
> > Tryied to remove it before internet was turn on but no luck.
> > Got some files wich it downloads as soon as internet is there, but simply
> > cant remove that host file..
> > It slows down internet speed by 98% so online scanners cant reach it in
> > time before it activated another entry for it..
> > And same with the virus program, since it is in the temp dir i tryied to
> > only scan that dir but same result..
> > When the scan was done after 5 sec for temp dir the file had made 112 new
> > entrys linked to the file so it could not be removed..
> > Every time u tries to simply delete it it makes some other crappy entry
> > and resetts..
> > Virus program ref to utlrexue.dll and lvlpdtev.dll

>
> Googling for those names brings up nothing, but this is not surprising since
> it is common for viruses/malware to name their files randomly. It does make
> it difficult to give you pinpointed removal steps, however. You should go
> through these general malware removal steps systematically -
> http://www.elephantboycomputers.com/...moving_Malware
>
> Include scanning with David Lipman's Multi_AV and follow instructions to do
> all scans in Safe Mode. Please see the special Notes regarding using
> Multi_AV in Vista.
>
> http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
> http://tinyurl.com/yoeru3 - download link and more instructions
>
> You can also check to see if there are targeted removal steps for your
> malware here:
> Bleeping Computer removal how-to's -
> http://www.bleepingcomputer.com/forums/forum55.html
>
> When all else fails, get guided help. Choose one of the specialty forums
> listed at the first link. Register and read its posting FAQ. You will
> generally be asked to:
>
> 1. Download and execute HiJack This! (HJT) -
> http://www.trendsecure.com/portal/en...HJTInstall.exe
>
> 2. Disable Notepad's word wrap - In Notepad.exe; Format --> uncheck; "Word
> wrap"
>
> 3. Download/run Deckard's System Scanner -
> http://www.techsupportforum.com/sect...eckard/dss.exe
>
> 4. Save the scan results (Main.txt and Extra.txt)
>
> 5. And then post the contents of Main.txt and Extra.txt in your post at the
> forum you chose. DO NOT POST LOGS IN THE MS NEWSGROUPS.
>
> Standard disclaimer: I can't see and test your computer myself, so these are
> just suggestions based on many years of being a professional computer tech;
> suggestions based on what you've written. You should not take my
> suggestions as a definitive diagnosis. If you can't do the work yourself
> (and there is no shame in admitting this isn't your cup of tea), take the
> machine to a professional computer repair shop (not your local equivalent
> of BigComputerStore/GeekSquad). Please be aware that not all local shops
> are skilled at removing malware and even if they are, your computer may be
> so infested that Windows will need to be clean-installed. If possible, have
> all your data backed up before you take the machine into a shop.
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers
> www.elephantboycomputers.com
> Don't Panic!
>

Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
SquirrelMail compromise risk elevated to high Steve Security News 0 12-18-2007 04:50
Security World: SquirrelMail compromise risk elevated to high Steve Security News 0 12-17-2007 23:00
IndiaTimes.com Visitors Risk High Exposure To Malware Steve Security News 0 11-10-2007 03:21
British Watchdog: Halt High-Risk E-Voting Steve Security News 0 08-02-2007 20:40
Winnipeg Demands Immobilizers on High-Risk Cars Steve General Technology News 0 06-30-2007 08:00




All times are GMT +1. The time now is 06:06.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120