Can not clean it don't know what it is help pls

Discussion in 'malware problems & news' started by imro, Jan 12, 2005.

Thread Status:
Not open for further replies.
  1. imro

    imro Registered Member

    Jan 12, 2005
    I have been fighting this for a week now with no success.

    it has started with bluescreen and with vdnt32.sys mentioned on it.

    i have scaned computer with (in safe mode):
    Pest Patrol
    Bit Deffender
    SpyBot S&D
    and cleaned everithing what they have found.

    after that, every time i have tryied to run any scaner or tried to all offline ppages in normal mode computer would crash with blue screen and vdnt32.sys. I was not able to take one entry out of registry (HKLM\..\Run\mobsync.exe /logon) so i went and renamed the file. after reboot the blue screen problem stoped.

    Installed kerio personal firewall and i am recieving request from windows explorer, internet explorer, msn messenger to connect to and, and as soon as windows boots up.

    i have ran WinSockFix and LSP fix with no success

    I am not able to run process explorer (no error nothing it just would not start) from sysinternals and file monitor file monitor with error message that this account doesnt have debug priviliges althou i have gone to group policy and made sure i have those.

    i have ran out of clues ...

    Also i was not able to update virus definitions for nod32. i have downloaded trial version and when i try to upddate it, nod would ask me for password. i have browsed through but i were not able to find any clue how to get the password.

    thanks for any help in advance
  2. bigc73542

    bigc73542 Retired Moderator

    Sep 21, 2003
    SW. Oklahoma
    I did some googling and came up with this from sophos here and you might look here


    Attached Files:

  3. Blackspear

    Blackspear Global Moderator

    Dec 2, 2002
    Gold Coast, Queensland, Australia
    Hi Imro, welcome to Wilders.

    A Username and Password are required for the paid commercial version of Nod32 (and are provided upon payment for a license). There have been instances where the trial version of Nod32 on certain PC Magazines asked for a UN and PW.

    At this point I would suggest downloading and running “Hijack This” found here and posting the HijackThis log at one of the forums found at A-SAP.

    The two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: and Be sure to read their posting policy in the links at their log review forum sections prior to posting.

    Once your system is clean you should take a look here: Why did I get infected in the first place? Also, for further discussions on security and how to make your system that much stronger, see here and here


  4. Angelos

    Angelos Guest

    I had a similar problem with trojan in the backgrouund , as result : homepage hijacking ( and a lot of applications installing for them selfs and running (C:\pro2.exe , c:\efefe.exe etc...)

    I run almost all spy-adwares available, a lot of untivirus and i always got as result system clean , but virus /trojan keep alive.

    After manually checked all processes, registry entries, and modules running still could find what was the reason ,but then...
    i remember , what is the first thing to be loaded when Windows start?
    Compare yours with a non infected one, the size and date are diferent.
    Just use sfc.exe (System File Check)to replace the infected/alterated Explorer.exe for a clean one in the Windows instalation CD .

    This is a new spyware-trojan-virus that any of the anti-virus-spyware can´t clean or even detect!

    So beaware , i hope this helped u.


    Angelo Cruz
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.