#1
Can a virus/trojan/malware/worm etc. reside:
1. In a motherboard's BIOS, 2. In a hard drive after one wipes the drive with zeros?

I have 'something' that is creating a duplicate Windows file and putting it in the Windows\System32\Wins folder, called "DLLHOST.EXE" and possibly "SVCHOST.EXE" (in all caps), that starts up by itself and starts sending data. I use a program called DU Meter and I see this upload activity. I then check Task Manager and this "DLLHOST.EXE" shows (again, in all caps), which I notice right off the bat. I can't stop the process unless I boot into Safe Mode. My virus program (NOD32) sees that file, but it can't find what is producing it.

I have wiped the drive using the manufacturer's 'write zeros to the drive', reformatted and reloaded the O/S (originally XP, now 2k), but this is still here. Any ideas? This never happened to me before, that I couldn't get rid of the 'problem'.
#2
SVCHOST.EXE is a Windows XP operating system file. It is normal. I find several instances of it on my computer during ctrl-alt-del. It handles processes executed from DLLs. This program is important for the stable and secure running of your computer and should not be terminated.

DLLHOST.EXE is a Windows operating system file. It is a process belonging to Microsoft Windows Operating System. The dllhost.exe file manages DLL based applications. This program is important for the stable and secure running of your computer and should not be terminated.

If you installed a new OS after formatting AND you wiped the disk with 0's you are pretty safe that it is alright. Low level formatting usually cleans any bugs out of the HD.

As far as a motherboard BIOS virus... I've never heard of one. You can corrupt a BIOS and you can flash a bad BIOS into your motherboard, but it will keep your computer from booting or some hardware simply won't work. BIOS is a small EPROM storage that establishes hardware function calls and passes them on to the operating system by way of DMI, "Desktop Management Interface". Once it's passed on, the OS "knows" what hardware you have and how it's supposed to interact. Maybe someone else will chime in here, but I don't think you can even properly boot a computer if the BIOS has been corrupted. BIOS = Basic Input/Output System.
__________________
Vern Verns Didj Site (didgeridoo info and stuff) Taurus 45 ACP website new site built with Expression Web 2 "I was born with nothing, and I've managed to keep most of it!" Win Patrol "If it ain't broke, don't fix it!"
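
The first post reports a DLLHOST.EXE under Windows\System32\Wins, while the reply describes dllhost.exe and svchost.exe as Windows system files. The sketch below is an added example, not part of the thread: it flags those two names when they run from anywhere other than the System32 directory. The expected directories, the `<pid> <path>` listing format and every sample line are assumptions constructed for illustration.

```python
import ntpath

# Assumption (standard Windows layout, not stated in the thread): these host
# processes normally run only from System32 (or SysWOW64 on 64-bit Windows).
EXPECTED_DIRS = {
    "dllhost.exe": {"system32", "syswow64"},
    "svchost.exe": {"system32", "syswow64"},
}

def check_image(path, windows_dir=r"C:\WINDOWS"):
    """Return a reason string if a watched name runs from an unexpected
    directory, otherwise None."""
    directory, name = ntpath.split(ntpath.normpath(path))
    allowed = EXPECTED_DIRS.get(name.lower())
    if allowed is None:
        return None  # not a name we watch
    root = ntpath.normpath(windows_dir).lower() + "\\"
    lowered = directory.lower()
    # Directory relative to the Windows folder, or None if outside it.
    relative = lowered[len(root):] if lowered.startswith(root) else None
    if relative in allowed:
        return None
    return f"{name} runs from {directory}, not {windows_dir}\\System32"

def scan(listing, windows_dir=r"C:\WINDOWS"):
    """Parse '<pid> <image path>' lines and return (pid, reason) findings."""
    findings = []
    for line in listing.splitlines():
        if not line.strip():
            continue
        pid, path = line.split(None, 1)
        reason = check_image(path.strip(), windows_dir)
        if reason:
            findings.append((int(pid), reason))
    return findings

# Constructed sample listing (PID and full image path), not data from the thread.
SAMPLE = r"""
 812 C:\WINDOWS\system32\svchost.exe
1044 C:\WINDOWS\system32\wins\DLLHOST.EXE
1100 C:\WINDOWS\system32\dllhost.exe
1320 C:\Tools\netmeter.exe
"""

if __name__ == "__main__":
    for pid, reason in scan(SAMPLE):
        print(pid, reason)
```

On Windows 2000 the Windows directory is normally `C:\WINNT`, so pass that as `windows_dir`.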
#3
Ok, I ran this tool;
http://www.gmer.net/index.php

It detected a 'hidden module' on the computer that didn't have a problem. It then appears that this is affecting the older PC (with the known problem). The problem is it doesn't give me the option to remove this 'hidden module'.
#4
What hidden module?
Please screenshot it.
__________________
USB Disk Security v5.2.0.5 Eset Smart Security v4.0.467.0 SUPERAntiSpyware Professional v4.29.1002 Using Windows 7 RTM Build 6.1.7600
#5
Ask me. I tested most essential system components. I know what you can disable and what not, so that Windows survives a reboot and you can still surf and do most important things on your system.
#6
proactivelover: There was no name to it and no location. If you go to that site I posted and click on 'FAQ', there is an entry that is the same as what I had (other than the value) in red called 'noname'. I then installed Trend Micro's AntiVirus and it found 7 'trojans' that NOD32 didn't. I re-ran GMER and that 'hidden module' was gone.
#7
Besides, does anyone know what this filelist represents? I found a temporary file in the Windows directory, similar to this: http://www.csie.ntu.edu.tw/~piaip/pr...e/filelist.xml