Find your solution!

belch175 · 12-Dec-2008, 03:43 PM #1

Hello,

I am having trouble with malware. My Symantec antivirus first found what it is calling a trojan, the file it identifies is ati2dva.dll. I have located the file, it says it is published by 120% alcohol. I have tried to quarantine it, clean it, delete it to no avail. I have even tried to delete it's registry keys, change it's binary, delete the file from dos prompt, everything I can think of. I am either told it the disk is full, write protected, or in use; or the file cannot be deleted. I read a thread that was posted on your site some time ago and tried to follow the instructions there with no success. Ran ComboFix, Hijack This, Malwarebytes, Ad-aware, etc. The good news is I no longer get pop-up messages saying I need to purchase some anti-malware program, the bad news is Symantec constantly and continously identifies it as a threat, my computer runs slow as a result of it continously identifying it and warning me. Computer runs fine with virus scan turned off or in safe mode but I cannot leave it like this. Do you have any suggestions to get me into this file or clean it.

FYI the registery key is:
{63608544-DEE0-49CA-BE63-C03E148FABBF}

and the file name is:
C:\WINDOWS\system32\ati2dva.dll

this was a subfile under the same registry key:
Inproc Server 32

Kenny94 · 12-Dec-2008, 05:59 PM #2

Hi belch175 and Welcome to TSG

It's Vundo variant go here at:

http://forums.techguy.org/malware-re...st-before.html

belch175 · 12-Dec-2008, 07:30 PM #3

Thanks for the post Kenny, I followed the link in your text it took me to a post about Hijackthis. I've tried Hijackthis. Here is the line from the Hijackthis log that is causing all of the trouble:

O2 - BHO: (no name) - {63608544-DEE0-49CA-BE63-C03E148FABBF} - C:\WINDOWS\system32\ati2dva.dll

I click on the "fix checked" it says hijackthis is about to remove the BHO and all coresponding files from my system, but then nothing happens. The list goes blank, as soon as I run another scan there it is again.

I'm stumped.

According to permissions I have full access to it but as soon as I try to delete it, I get a message that "changes could not be saved to key".

I've even tried it in safe mode with explorer.exe killed from both regedit and CMD.

Kenny94 · 12-Dec-2008, 07:53 PM #4

Post a full HijackThis log in the "Malware Removal & HijackThis Logs" Thread..

And one of us will help on this. You really should not be using ComboFix without supervision..

Because ComboFix is a very strong tool!

Thanks Kenny

belch175 · 12-Dec-2008, 07:59 PM #5

Alright will do thanks Kenny

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for: