I think I just found unidentified spyware


NuttySquirrel
May 10th, 2006, 09:04 PM
I'm not sure if this is the right place to post this or not but I think I just found spyware that wasn't picked up by the ewido scanners.

I'd been attempting to get rid of spyware on a family member's computer, and thought that I got rid of it all, but every time I would attempt to connect to the internet Avast Antivirus would display a box saying "There are too many identical emails in appointed time." I researched it online and found out that the machine was trying to send out spam from the machine, meaning I was infected with a worm.

I was stumped. I had scanned the machine with Avast, Lavasoft AdAware, Spybot Search and Destroy, ewido anti-malware, Webroot Spysweeper, Trojan Hunter, and HijackThis. I also ran CleanUp! on the machine after I was done scanning. I couldn't believe I was still having problems after scanning with all those programs, and not picking up one leftover spyware object.

But I did notice something suspicious in HijackThis. It was something called lpdrmfdq.dll. I googled this dll but found no result. I had seen the letters lpdr and realized it was probably the Leopard Screen Saver that was identified as spyware and removed. But this dll, located in the system32 folder, was still listed. I removed it through HijackThis, but it would keep reappearing. So I tried going into the system32 folder and deleting the dll, but access was denied, even in Safe Mode. So I booted into the Recovery Console, deleted the file, started up XP and wouldn't you know it? No more outgoing spam emails. The machine is clean.

So I do believe that lpdrmfdq.dll is malware and is part of the Leopard Screen Saver malware. I hope my info is useful!

karl.ewido
May 11th, 2006, 05:32 AM
Please send us any suspicious or not detected files, so that we can add them to our detection database. Use our support site to send us the files:
http://www.ewido.net/en/support/?AID=34

NuttySquirrel
May 11th, 2006, 01:27 PM
Sorry, I don't have the dll anymore.