I need some help please!

Hello i am new at your forum and i am also new having nod32 on my pc!
I realy much about computers and my english are not so good!i had a virus got to my pc recently i took my pc to a pcstore but they hapend not to do much!tryong by my self cant do anything about a message it is coming up! so here it is!i will realy apreciaty if you may help me!!!!

probably a variant of Win32/Bancodor.AB trojan found in operating memory. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed. No action can be taken while the file is in memory. Click "Leave" to continue and subsequently run the cleaning of all local disks. System memory infection originated from file C:\WINDOWS\system32\xvid.dll.

 

Hi paulina, welcome to Wilders.

Please check your settings against those found HERE

After this run a scan by following these steps:

1. Click on the NOD32 Control Centre (Green and White split square on the bottom right hand corner of your computers screen).
2. Click on NOD32.
3. Click on Run NOD32.
4. Click on “Scan and Clean”.

Let us know how you go...

Cheers

 

ok thank for your time!
i am just going to check what ever you told me!But i think all the settings are as you say at your msg!I will come back to tell you!
every time i am opening my pc the msg from nod32 is the same it saying to me that i can only Leave not other option then it is star scaning another msg comes up and the delete option is on!so i press delete it is saying to me to restart my pc i am doing it it!things happend to be ok!but when i close my pc and open it the next day the same situation is keep going!
i will do now what you are saying to me and i will be back to informe you!thank you one more time!

 

You are welcome.

With those settings in place there will not be any prompts, everything is automated.

See above answer.

Cheers

 

ok!
i have just done wath ever your msg told me!
I went to the page and i take it after instaling!I have marked many things that they was not checked!
i am now scaning i can see on the top of the scanning this!
[GLOW="probably a variant of Win32/Bancodor.ABtrojan found in operating memory.System memory infection originated from file C:\WINDOWS\system32\xvid.dll."][/GLOW]
this what is keep coming up!!!!i do not know what to do to get it out!!!!how can you help me with this!
scanning this moment is on 57%

 

sorry dint show up as i want it!i meen this msg come up!

probably a variant of Win32/Bancodor.ABtrojan found in operating memory.System memory infection originated from file C:\WINDOWS\system32\xvid.dll.

 

After finnishing scan i have 3 lines in red that says:

C:\System Volum Information\_restore{EBE67A5F-D489-4F9C-9098-8E8ECE5D887A}A0029158.dll-probably a variant of win32/Bacodor.AB trojan

C:\System Volum Information\_restore{EBE67A5F-D489-4F9C-9098-8E8ECE5D887A}A0029197.dll-probably a variant of win32/Bacodor.AB trojan

and one more

C:\WINDOWS\system32\xvid.dll.probably a variant of win32/Bacodor.AB trojan

now it is says to me to restart my pc!i will do it!
but i am sure that this will come up again if i scan!i realy dont know what to do to get it out of my pc and i am so sad because i am trying a week now to fix it but nothing is happening!

 

Hello !

Download Avenger from http://swandog46.geekstogo.com/avenger.zip
Exctact it into new folder

Start Avenger . Choose Load script manually .

Type exactly as written in two line

Click on the button with the lights and choose restart when prompt

After restart , the malware files should be gone

After restart perform full scan with NOD32 to check

How is it now?

 

Ok , restart your machines . Upon restart the dll file should be gone .
If so you can miss my previous post about Avenger.

If the malware comes again , it will be because of System Restore , special function with which saves Windows stuff . You need to disable it .

From FAQ from Blackspear https://www.wilderssecurity.com/showpost.php?p=824161
WARNING: Turning OFF System Restore means you will NOT be able to ROLL BACK your computer to the current state it is in.

Report back your results , pls

 

ok ihave restart my pc ......i must do a scun again to see if the dll files are gone?if they are gone i dont have to download Avenger?

 

Because i am not so good on pc's i am trying to do my best to solve this problem with your help!!!
if i do this :
(Please turn off System Restore: Note by turning OFF System Restore you will NOT be able to ROLL BACK your computer to the current state it is in.

Windows XP Instructions (reference with screen images)

1. Right click on the “My Computer” icon on the Windows desktop.

2. Click “Properties”.

3. Click on the “System Restore”.

4. Place a tick in “Turn off System Restore on all Drives”.

5. Click OK.

6. Close and RESTART your system.


Then please check your NOD32 settings against those found HERE

After this run a further scan with NOD32 by clicking on the NOD32 Control Centre> NOD32> Run NOD32> Scan and Clean.

Let us know how you go...)

then what is going to happend to the system?is it going to be as it is?everytning will work properly?or problelms will come up to the system?i am asking because i do not know

 

i have scaned again!
i have 1 red line on the top of the scanpage same as before!
this:
probably a variant of Win32/Bancodor.ABtrojan found in operating memory.System memory infection originated from file C:\WINDOWS\system32\xvid.dll.

and 2 red lines in the total result

the one is much same as before with a diffrent numbers!

C:\System Volum Information\_restore{EBE67A5F-D489-4F9C-9098-8E8ECE5D887A}A0029216.dll-probably a variant of win32/Bacodor.AB trojan

and this is same as before
C:\WINDOWS\system32\xvid.dll.probably a variant of win32/Bacodor.AB trojan

i hope i am explaning this problem right so you may understand what i am trying to say to you!

 

Hello Paulina .

I would like to start with System Restore . Generally I am not allowed to comment it and suggest turning it off .

Here is what you have , I'll try to explain it so that you can understand

You have a malware -> trojan horse , which is loading in memory and protecting it self very well . Because of the info we have I can't be 100% sure but it is most likely this dll file has "injected" itself into a legitimate Windows process such as explorer.exe . Explorer.exe is a Windows process and because of that well-protected by Windows itself . Because of that it is extremely difficult to any AV software to kill that trojan because it is loaded .

On the other site System Restore is a special function in Windows operating system which helps users to restore their computers to previous states exactly as they were . This is really useful if there is a system crash , for example ot after installing a buggy software , for example . Trojan horses are programs like every others and that's why Windows stores traces in System Restore about them . Windows cannot recongnise that a particual application is unwanted . Again , System Restore is something very important and is protected by Windows .

People need to disable System Restore function temporary because because this will delete all restore points and thus will prevent the malware regenerate from that folder:

Pros of disabling System Restore
Eliminate the malware from that folder and prevent Windows regenerate a copy of the trojan / essential! /

Cons of disabling System Restore
If somehow something bad happens to the system you will not able (in no way) to return back and restore . Anyway , the risk is very small


Generally I am not allowed to advise such thing but ... I would suggest you disable System Restore by the instuctions of Blackspear . This Note by turning OFF System Restore you will NOT be able to ROLL BACK your computer to the current state it is in means that although the risk is little , we cannot guarantee 100% nothing will happed , God this is malware . I have been cleaning computers for some years and have never had problems with System Restore , though .


About the other part
C:\WINDOWS\system32\xvid.dll

Temporary forget about Avenger and anything previous

Download UnDll - the DLL removal utility (author Paolo Monti , ESET Italy) http://www.nod32.it/tools/UNDLL.ZIP

Extract it into a new folder .

Run the application . Choose "Select infected DLL" (C:\WINDOWS\system32\xvid.dll) and follow the instructions .


After restart ,boot in Safe Mode (how: http://support.microsoft.com/kb/315222) follow Blackspear's advise to run full scan from Start->Program->ESET->NOD32

Report back your results ,pls !

 

Hi-tech thank you very much for your replay!
I have understand a lot of what you have wrote to me!
So i will go and fix the system hope to do it well!!!!!if you see that i have not came back meens i have mess up my pc!
i will informe you soon as possible for the results!i will also download what you have sugest about dll.!
i have spoke to the person i have took my pc to fix it and he told me bring it again to do a format!i realy dont know what a format is but he told me my pc will be ok!
so before going to do format i will try what you are telling me to do!
thank you again for your time to write to me!i realy apreciaty it!

 

i have one question before starting do sut down the system if i do it i must restart tha system or it is coming back automaticly?i know this might be a stupid question but as i told you i am not a ginius with pc programming!
please answer to me so i can start on! thank you!

 

Once you turn OFF System Restore, then you can reboot your system and the file will be gone. After this you can turn System Restore back on.

Cheers

 

ok!thank you!
i am on my way to do it!
cross your fingers!

 

One trolling post removed and reply that quoted said post also removed.

Blackspear.

 

ok now here are the results!
i have download the Undll unziped it (realy i didnt know how but i think i have manged it! )
i have run undll programm and when i have opend to find dll files they where so many!i realy didnt know wich one to press!so i went with the direction of the msg that was coming up after scaning this

C:\WINDOWS\system32\xvid.dll
in that file most of them was in color blue but the xvid.dll was black but i have marked it for a scan with undll it did it and told me to restart my pc i did that also!
after i went and marked the system restore and it is still marked i restard my pc again ....after that i checked all the settings of nod32 they were as before (i meen everything ok as you told me by your post to do them!) and i start scaning with nod.....
the results was:
again on the top of the scan page

probably a variant of Win32/Bancodor.ABtrojan found in operating memory.System memory infection originated from file C:\WINDOWS\system32\xvid.dll

then one the results was only this
C:\WINDOWS\system32\xvid.dll.probably a variant of win32/Bacodor.AB trojan

the 2 other msg that was coming on before
:\System Volum Information\_restore{EBE67A5F-D489-4F9C-9098-8E8ECE5D887A}A0029158.dll-probably a variant of win32/Bacodor.AB trojan

C:\System Volum Information\_restore{EBE67A5F-D489-4F9C-9098-8E8ECE5D887A}A0029197.dll-probably a variant of win32/Bacodor.AB trojan
THEY WHERE NOT THERE!!!!

so i think we have fix half problem dont you think?
what is your opinion on this?
do i have to unmark again the system restore?what i must do from this point?
i didnt do a good job to the undll program?

 

Maybe u can find more information in the logfile that UNDLL.EXE made.

The logfile is in the same map where UNDLL.EXE is.

 

You ran Undll.exe before you stopped system restore. Should be done the other way around.

 

cntraltdelete thank you i may check it!

Get you meen to turn of first the system and then to scan with undll?

ouffff dont know what to do.......i need some answers to the questions of my above post..

 

1. Make sure System Restore is turn back on.

2. Reboot your computer

3. Run a further scan with NOD32 by doing the following:

4. Open up the NOD32 Control Centre

5. Click on NOD32> Run NOD32 (on demand scanner)

6. Click on Scan and Clean

7. Let us know if anything is found.

Cheers

 

thank you for your answer!
I have down what youhave told me to turn back on my restor system and i have cliked for scan since the moment that scaning started the same msg came up on the top of the scaning page!
probably a variant of Win32/Bancodor.ABtrojan found in operating memory.System memory infection originated from file C:\WINDOWS\system32\xvid.dll

dont know what else i must do!
do you think it is possible to do what i told you in msg?

 

yes the results of scaning itis the same as before!
C:\WINDOWS\system32\xvid.dll.probably a variant of win32/Bacodor.AB trojan
nothing diffrenet