#1
I have been fighting this for a week now with no success.

It started with a blue screen with vdnt32.sys mentioned on it. I have scanned the computer (in safe mode) with AdAware, Pest Patrol, NOD32, Avast, McAfee, Housecall, BitDefender and SpyBot S&D, and cleaned everything they found. After that, every time I tried to run any scanner or tried to all offline pages in normal mode, the computer would crash with a blue screen and vdnt32.sys. I was not able to take one entry out of the registry (HKLM\..\Run\mobsync.exe /logon), so I went and renamed the file. After a reboot the blue screen problem stopped.

I installed Kerio Personal Firewall and I am receiving requests from Windows Explorer, Internet Explorer and MSN Messenger to connect to 69.50.166.194 and 69.50.166.194-custblock.intercage.com, 69.50.165.229 and 69.50.165.229-custblock.intercage.com as soon as Windows boots up. I have run WinSockFix and LSP fix with no success. I am not able to run Process Explorer (no error, nothing, it just would not start) from Sysinternals, or File Monitor, with an error message that this account doesn't have debug privileges, although I have gone to group policy and made sure I have those. I have run out of clues ...

Also, I was not able to update the virus definitions for NOD32. I have downloaded the trial version and when I try to update it, NOD asks me for a password. I have browsed through www.eset.com but I was not able to find any clue how to get the password.

Thanks for any help in advance.
#2
__________________
The Only Safe Computer Is Unplugged
MEMBER ASAP since 2004
Alliance of Security Analysis Professionals
#3
Quote:
A Username and Password are required for the paid commercial version of Nod32 (and are provided upon payment for a license). There have been instances where the trial version of Nod32 on certain PC Magazines asked for a UN and PW.

At this point I would suggest downloading and running “Hijack This” found here and posting the HijackThis log at one of the forums found at A-SAP. The two bigger forums for HijackThis log processing (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

Once your system is clean you should take a look here: Why did I get infected in the first place?

Also, for further discussions on security and how to make your system that much stronger, see here and here.

Cheers,
Blackspear.
__________________
"Illegitimis non carborundum"
translation: "Don't let the bastards grind you down"
U.S. General Joseph W. "Vinegar Joe" Stilwell (1883-1946)
Two Photographers
#4
I had a similar problem with the xx.xx.xx.xx-custblock.intercage.com trojan in the background; as a result: homepage hijacking (www.unlimitedpass.com) and a lot of applications installing themselves and running (C:\pro2.exe, c:\efefe.exe etc...).

I ran almost all the spyware/adware tools available and a lot of antivirus, and I always got "system clean" as the result, but the virus/trojan stayed alive. After manually checking all processes, registry entries, and modules running, I still could find what was the reason, but then... I remembered: what is the first thing to be loaded when Windows starts? EXPLORER.EXE! Compare yours with a non-infected one; the size and date are different. Just use sfc.exe (System File Check) to replace the infected/altered Explorer.exe with a clean one from the Windows installation CD. This is a new spyware-trojan-virus that none of the anti-virus/spyware tools can clean or even detect! So beware. I hope this helped you.

Regards,
Angelo Cruz
angelomcruz@sapo.pt
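Added example, not part of the original post: the comparison of a system file against a known-good copy suggested above, extended to a SHA-256 check, because size and date can be reset by whatever altered the file while the hash cannot be matched. The function names and verdict strings are hypothetical, and the reference copy is assumed to come from a trusted source.

```python
import hashlib
import os
import sys


def file_facts(path, chunk_size=1 << 20):
    """Return size, modification time and SHA-256 of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    st = os.stat(path)
    return {"size": st.st_size, "mtime": int(st.st_mtime),
            "sha256": digest.hexdigest()}


def compare_to_reference(suspect, reference):
    """Compare a system file with a known-good copy.

    Returns (verdict, differing_fields). The hash decides the verdict;
    size and mtime are reported only as supporting detail.
    """
    a, b = file_facts(suspect), file_facts(reference)
    # When the sizes differ the hash differs as well, so report size as the
    # extra detail and sha256 as the deciding field.
    diffs = [k for k in ("size", "mtime", "sha256") if a[k] != b[k]]
    if "sha256" in diffs:
        verdict = "MODIFIED"        # content differs from the reference
    elif diffs:
        verdict = "SAME_CONTENT"    # only metadata (timestamp) differs
    else:
        verdict = "IDENTICAL"
    return verdict, diffs


if __name__ == "__main__":
    # Usage (paths are supplied by the operator):
    #   python compare_file.py <suspect file> <known-good copy>
    if len(sys.argv) != 3:
        sys.exit("usage: compare_file.py SUSPECT REFERENCE")
    verdict, diffs = compare_to_reference(sys.argv[1], sys.argv[2])
    print(verdict, ", ".join(diffs) if diffs else "no differences")
    sys.exit(1 if verdict == "MODIFIED" else 0)
```

Take the reference copy from installation media or a machine at the same Windows version and service-pack level, since legitimate updates also change the file.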