Help with msdirectx...trojan horse collected, trojan

  1. #1
    Junior Member
    Join Date
    Dec 2005
    Posts
    3

    Please help me with this situation:
    I am running win98 and noticed when I booted up that my AVG scanner detected a virus called msdirectx trojan horse collected (or something close to this). I was able to boot up and ran AVG, AdAware, CCleaner and did a scandisk. The AVG scan found the trojan in four places and I deleted them. To see if all was well I shut-down and tried to boot back up but just couldn't get it to do so. It seems that everything is nearly ready to go and then the computer just freezes. I have no choice then but to just shut it down and try again but it clearly is not working. Any help would be greatly appreciated.

  2. #2
    Senior Member Deeboe's Avatar
    Join Date
    Nov 2005
    Posts
    185
    Is the problem that you cannot reboot, or do you think the virus is not fully removed? If it is the latter, see below.

    I could have the wrong virus here, but if this is the one, I suggest you try using the Symantec instructions on how to get rid of it.

    http://securityresponse.symantec.com...oor.sdbot.html

    If that is not the right one, see if your AV program has a link to a removal instruction.

    Hope that helps.
    -Deeboe
    If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
    - Sun Tzu, The Art of War

    http://tazforum.**********.com/

  3. #3
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Greetings

    Check for this:

    http://www.auditmypc.com/process/msdirectx.asp

    http://securityresponse.symantec.com...teal.navu.html

    You have found a virus which is 3 years old on your computer, and in 4 places at that, so you need to find the cause of entry. Is your antivirus updated? Is your Windows updated? Do you use a firewall? Provide more information.

    Anyway, it's better if you restart in safe mode and run all your malware cleaners,
    then do an online scan at Trend Micro (HouseCall).

    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  4. #4
    Senior Member
    Join Date
    Nov 2005
    Posts
    316
    I don't remember if during startup Win98 comes up with the option of safe mode.

    Otherwise you will definitely have to use the boot-up disks.

    Second option:
    try starting in MS-DOS mode. Navigate all the way to the startup folder and delete everything there.

    Also, we will be able to run some of the checks in MS-DOS mode.

    you are entering the vicinity of an area adjacent to the location.

  5. #5
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003

  6. #6
    Junior Member
    Join Date
    Dec 2005
    Posts
    3
    bytewrangler... (and others)

    Thanks for the starting place. I will have to wait until I get home from work to try these out and keep you informed of what happens.

    As far as your other questions... AVG was updated, but this computer had been running with an outdated virus scanner for some time. I have up-to-date AdAware and CCleaner. The machine has a firewall, to my knowledge, via the cable modem supplier (if not, how do I find out whether it is there or not?). Windows is probably not updated to the extent Win98 can be.

    I will try to start up in safe mode by using the F8 method and then follow the rest of your instructions.

    Timmyo

  7. #7
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Found this info at Antisource; it may relate to your problem, and it has a few comments about removing it.

    It didn't mention system specifics, i.e. WinXP, Win2000 or Win98, but if you follow some of the instructions you may find some of the info relates...

    Generic: Rootkit
    Infects through: MSN

    The file is msnt.exe in windows/system32 (search from cmd prompt in safe mode). This file generates msdirectx.sys (also in windows/prefetch) - no matter what you rename this file it will amend registry entries to match your rename.

    Solution:
    - Boot in safe mode (F8)
    - start, run msconfig
    - remove msnt.exe from start list
    - reboot in safe mode
    - from command prompt, go to c: and check for msdirectx.sys and delete it
    - go to windows/system32, check for msdirectx.sys and delete it
    - go to windows/prefetch & search for a file with msnt in its name and delete

    Search for msdirectx in the registry and find the corresponding name. Note the name of the file it corresponds to (in my case this was msnt.exe). Delete all entries of msdirectx.sys. Now search for the corresponding file name (msnt.exe) in the registry and delete all of these entries.

    My infection had multiple registry entries as follows:

    Compaq system drivers = msnt.exe

    Delete all of these and also do a search for msdirectx.exe again.

    After you are able to boot into normal mode, run a couple of online scans from Trend Micro Housecall or from Panda Online.

    Make sure your Win 98 has all of the security patches, and ensure your AV is up to date.
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson
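
Added example, not part of the original thread: the registry search described in post #7, done offline against a REGEDIT4 text export instead of by hand in regedit. It assumes the registry has been exported to text first; the sample export, its key names and its path are constructed for illustration, and only the names `msdirectx`, `msnt.exe` and `Compaq system drivers` come from the post.

```python
import re

# Names taken from the removal steps quoted in post #7.
INDICATORS = ("msdirectx", "msnt.exe")
# Standard Windows autostart keys, compared as lower-case key suffixes.
AUTOSTART = ("\\currentversion\\run", "\\currentversion\\runservices",
             "\\currentversion\\runonce")
# A value line: @ or "name", then =, then the data.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Constructed sample export; the keys and the path are illustrative only.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Compaq system drivers"="msnt.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Compaq system drivers"="C:\\WINDOWS\\msnt.exe"

[HKEY_LOCAL_MACHINE\Software\Example]
"Driver"="msdirectx.sys"
'''

def unquote(s):
    """Strip the quotes of a string value and undo backslash escaping."""
    if len(s) >= 2 and s[0] == '"' and s[-1] == '"':
        return re.sub(r'\\(.)', r'\1', s[1:-1])
    return s  # hex:/dword: data is left as written

def find_hits(reg_text, indicators=INDICATORS):
    """Return (key, value name, data, is_autostart) for matching values."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key is None or not m:
            continue
        name = "(Default)" if m.group(1) == "@" else unquote(m.group(1))
        data = unquote(m.group(2))
        if any(i in (name + " " + data).lower() for i in indicators):
            hits.append((key, name, data, key.lower().endswith(AUTOSTART)))
    return hits

if __name__ == "__main__":
    for key, name, data, auto in find_hits(SAMPLE):
        print("AUTOSTART" if auto else "other    ", key, name, "=", data)
```

Entries flagged as autostart are the ones that relaunch the file at boot, so they are the ones to confirm as removed before rebooting into normal mode.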

  8. #8
    Junior Member
    Join Date
    Dec 2005
    Posts
    3
    Guys,

    I was not able to work on my PC until last night. I have had some success but have some more questions and "fears" related to this situation.

    I started my computer up in safe mode and was therefore able to run an AVG scan; the scan identified the trojan horse and deleted it. Three other things showed up in that scan: 1. it said the boot sector of the disk had a reading error, 2. the partition table [MBR] had a read error, and 3. the file users32.sys (I think that was the name) had "change" next to it and it said it was "changed", whatever that means.

    I went into my registry and backed it up, then did a search for msdirectx.* and found it. I deleted it and, based on some other information I found somewhere else, I searched for a file called pswrd.* and found it in the same place and deleted it.

    I then went to msconfig and went to the start-up tab (I think that was the name). In there, there were three entries for a process called strta LO71 (I think that is correct); anyway, I unchecked all of these.

    I then tried to boot up in normal mode and the computer came up fine. I ran the scanner and found nothing this time. The partition table was OK now, but the boot sector was still showing a read error and the user32.sys still showed change.

    I am now fearful to turn my computer off because I don't want to not be able to start up again.

    Finally, when I start AVG it says that my definitions are not up to date and that I need to reboot. It does this over and over again, so all I would be doing is rebooting. What could this be all about?

    Sorry so long.

    timmyo

  9. #9
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Hi

    Did you try the online scans to make sure they didn't catch anything else?

    Also if you are having issues with AVG, and you don't want to reboot, try removing AVG and reinstalling the program, you may have to do a system restart afterwards, but you should still be able to get into safe mode.

    If this doesn't resolve this issue, make copies of all of your personal data and as long as you still have the original CD, you can do a Fdisk (Format) and reinstall the Win 98. Reformat Hard Drive FAQ

    Note: As soon as you do this and connect to the internet, the first place you should go is Windows Update and get all of the Win 98 patches (may be awhile), then download AVG again ASAP, and get Zone Alarm for the Firewall.
