Virus Question - d3dnea.dll
Hello,
I am having a huge problem with a particular file. I have Norton Corporate 7.6 on Windows 2000 SP4 and the real time scan keeps popping up saying Backdoor.Trojan was found in d3dnea.dll. I updated NAV, tried to quarantine, but access was denied. I then went into safe mode and tried to look for it. It doesn't even exist under safe mode. This led me to believe that it was being created on boot.
I went into the registry and searched for anything I didn't recognize in all the run keys. I then searched for the filename, and deleted everything that was there. I rebooted, and real time found it again. I've run two full system scans, installing the updates manually off Symantec's site in between. I also installed AVG Free and have run that with no success. Doesn't even detect it. Does anyone know how I can get rid of this virus?
The full filename is C:\Winnt\system32\d3dnea.dll
I also tried posting this in the anti-virus newsgroups, but my quest there ended with people arguing back and forth about posting binaries.
Thanks in advance for everyone's help!
Robert
|
Hello,
Without having any more details, I would think that you have a rootkit on your system, or a kit that is blocking your ability to see this file (and possibly others).
There are several scanners or products on the web that can help detect these files.
Below is some basic information on the subject:
http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html
Thank you for your post.
Kenny Wood
CISSP, MCSE (+S, +M)
PSS Security
Microsoft Corporation
--
This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm
Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.
--------------------
| From: Robert Brugman
| Newsgroups: microsoft.public.win2000.security
| Subject: Virus Question - d3dnea.dll
| Date: Sat, 24 Jul 2004 19:00:59 -0400
|
On 7/25/04 9:13 PM, in article ZtKR42qcEHA.3848@cpmsftngxa06.phx.gbl, "Kenny Wood" wrote:
> Hello,
>
> Without having any more details, I would think that you have a rootkit on your system, or a kit that is blocking your ability to see this file (and possibly others).
>
> There are several scanners or products on the web that can help detect these files.
>
> Below is some basic information on the subject:
> http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html
>
> Thank you for your post.
>
> Kenny Wood
> CISSP, MCSE (+S, +M)
> PSS Security
> Microsoft Corporation
I am in utter confusion now. I downloaded the programs mentioned in that link, but my success has been absolutely terrible. I renamed my regedit and taskmgr applications as administrator as mentioned, and looked through the processes and registry. I deleted a couple of registry keys (which have since come back because I deleted them before too), but there is nothing running. I then used Process Explorer to shut down all the processes I could without making Windows crash. I also ran drivers.exe and listdlls.exe. I would think since the infected file is a dll, and it can't be deleted because it's "running" that it would be on the list. Not the case. Nothing even related to it. I'm almost at the point where I'm going to have to reinstall Windows if I can't figure out how to get rid of this pest.
Robert
|
Hello Robert. Give these a try. TrendMicro also has a Damage Clean up Tool. I would check that out ASAP. Not to be rude, but why are you using Norton? Norton is the worst software there is.
http://www.pandasoftware.com/activescan/
http://housecall.trendmicro.com/
|
I forgot this link.
http://www.trendmicro.com/download/dcs.asp
http://www.trendmicro.com/ftp/products/pattern/lpt945.zip
You need both files, in one folder. Click sysclean, let her rip.
|
I figured it out. Norton finally told me something other than Backdoor.Trojan. This morning it called it Backdoor.Agent.B, and I was able to get the removal tool from AVG and everything is back to normal.
Thanks for all your help! Robert
On 7/27/04 6:20 AM, in article e$l#FR8cEHA.2376@tk2msftngp13.phx.gbl, "Benn Wolff" wrote:
> I forgot this link.
> http://www.trendmicro.com/download/dcs.asp
> http://www.trendmicro.com/ftp/products/pattern/lpt945.zip
>
> You need both files, in one folder. Click sysclean, let her rip.