Unable to remove 'hidden' virus/trojan/worm after wiping drive

Discussion in 'ESET NOD32 Antivirus' started by videobruce, Feb 16, 2008.

Thread Status:
Not open for further replies.
  1. videobruce

    videobruce Registered Member

    Joined:
    Sep 24, 2004
    Posts:
    29
    Can a virus/trojan/malware/worm etc. reside:

    1. In a motherboard's BIOS,
    2. In a hard drive after one wipes the drive with zeros?

    I have 'something' that is creating a duplicate Windows file and putting it in the Windows\System32\Wins folder called "DLLHOST.EXE" and possibly "SVCHOST.EXE" (in all caps) that starts up by itself and starts sending data.

    I use a program called DU Meter and I see this upload activity. I then check Task Manager and this "DLLHOST.EXE" shows (again, in all caps), which I notice right off the bat. I can't stop the process unless I boot into Safe Mode.

    My virus program (NOD32) sees that file, but it can't find what is producing it.

    I have wiped the drive using the manufacturer's 'write zeros to the drive', reformatted and reloaded the O/S (originally XP, now 2k), but this is still here.

    Any ideas? This has never happened to me before, where I couldn't get rid of the 'problem'.
     
  2. Darth AkSarBen

    Darth AkSarBen Registered Member

    Joined:
    Feb 4, 2008
    Posts:
    109
    Location:
    Near Fennville, MI USA
    SVCHOST.EXE is a Windows XP operating system file. It is normal. I find several instances of it on my computer during ctrl-alt-del. It handles processes executed from DLLs. This program is important for the stable and secure running of your computer and should not be terminated.

    DLLHOST.EXE is a Windows Operating system file. It is a process belonging to Microsoft Windows Operating System. The dllhost.exe file manages DLL based applications. This program is important for the stable and secure running of your computer and should not be terminated.

    If you installed a new OS after formatting AND you wiped the disk with 0's you are pretty safe that it is alright. Low level formatting usually cleans any bugs out of the HD.

    As far as a motherboard BIOS virus goes... I've never heard of one. You can corrupt a BIOS and you can flash a bad BIOS into your motherboard, but it will keep your computer from booting or some hardware simply won't work. BIOS is a small EPROM storage that establishes hardware function calls and passes them on to the operating system by way of DMI, "Desktop Management Interface". Once it's passed on, the OS "knows" what hardware you have and how it's supposed to interact.

    Maybe someone else will chime in here, but I don't think you can even properly boot a computer if the BIOS has been corrupted. BIOS=Basic Input/ Output System.
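An added example, not from this thread or its posters: as the reply above says, the names are legitimate system files, but the detail in the first post (the copy runs from System32\Wins rather than System32) is the tell. This constructed Python check flags processes carrying a system binary's name whose image path is outside %SystemRoot%\System32; the process list is sample data, and on a real host it would be fed from Task Manager or a process listing.

```python
import ntpath

# System binaries the thread discusses. A process with one of these names
# running from anywhere other than %SystemRoot%\System32 deserves a closer
# look even though the name itself looks legitimate.
SYSTEM_BINARIES = {"dllhost.exe", "svchost.exe"}


def is_expected_location(image_path, system_root=r"C:\Windows"):
    """True if image_path sits directly in %SystemRoot%\\System32.

    Uses ntpath so the comparison is Windows-style (backslashes,
    case-insensitive) even when run on another platform.
    """
    expected = ntpath.normpath(ntpath.join(system_root, "System32")).lower()
    actual_dir = ntpath.normpath(ntpath.dirname(image_path)).lower()
    return actual_dir == expected


def find_masquerading(processes, system_root=r"C:\Windows"):
    """Return (pid, image_path) for system-named processes outside System32."""
    hits = []
    for pid, image_path in processes:
        name = ntpath.basename(image_path).lower()
        if name in SYSTEM_BINARIES and not is_expected_location(image_path, system_root):
            hits.append((pid, image_path))
    return hits


# Constructed sample process list (pid, full image path); not real host data.
SAMPLE_PROCESSES = [
    (812, r"C:\Windows\System32\svchost.exe"),          # genuine
    (1320, r"C:\WINDOWS\system32\dllhost.exe"),         # genuine, different case
    (2044, r"C:\Windows\System32\Wins\DLLHOST.EXE"),    # wrong folder, as in the first post
    (2100, r"C:\Windows\System32\Wins\SVCHOST.EXE"),    # wrong folder
    (2308, r"C:\Program Files\DU Meter\DUMeter.exe"),   # unrelated, ignored
]

if __name__ == "__main__":
    for pid, path in find_masquerading(SAMPLE_PROCESSES):
        print(f"suspicious: pid {pid} -> {path}")
```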
     
  3. videobruce

    videobruce Registered Member

    Joined:
    Sep 24, 2004
    Posts:
    29
    Ok, I ran this tool:
    http://www.gmer.net/index.php

    It detected a 'hidden module' on the computer that didn't have a problem. It then appears that this is affecting the older PC (with the known problem).

    The problem is it doesn't give me the option to remove this 'hidden module'.
     
  4. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    What hidden module?
    Please screenshot it.
     
  5. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Not true, you can disable dllhost and Windows still works fine.
    Ask me, I tested most essential system components. I know what you can disable and what not so that Windows survives a reboot and you can still surf and do the most important things on your system.

    Maybe you need a little excursion into Chinese spheres.. that will turn your meaning 360°.
     
  6. videobruce

    videobruce Registered Member

    Joined:
    Sep 24, 2004
    Posts:
    29
    Explain??

    proactivelover: There was no name to it and no location. If you go to that site I posted and click on 'FAQ', there is an entry that is the same as what I had (other than the value) in red called 'noname'. I then installed Trend Micro's AntiVirus and it found 7 'trojans' that NOD32 didn't. I re-ran GMER and that 'hidden module' was gone.
     
  7. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Cool, Trend Micro usually belongs to the less good scanners but could be good for surprises. What were the trojans named?

    There are some bioskits out there; most of them come from China.

    Besides, does anyone know what this filelist represents? I found a temporary file in the Windows directory, similar to this:
    http://www.csie.ntu.edu.tw/~piaip/prjs/WindowsXPTheme/filelist.xml
     