VSSMS32 I've tried everything

Discussion in 'Windows - Virus and spyware problems' started by Rhamhoy, Nov 26, 2006.

  1. Rhamhoy

    Rhamhoy Member

    Ok, I have Norton Antivirus, Spyware Doctor and Ad-Aware SE. Now I deleted the VSSMS32 entry from the registry as well as vssms32.exe:*:Enabled:Dnode and it hasn't come back, but I think they've moved. But every time the comp turns on, Norton reports VSSMS32.exe and ldapi32.exe. It says it removed them, but as I said they come back every time. I know the following files are associated with it:
    <Windows>\hkr32.asm
    <System>\ldapi32.exe
    <System>\ntcvx32.dll
    <System>\ntswrl32.dll
    I've tried deleting them all. HKR32.asm disappeared when I moved the mouse over it even though I've deleted it twice, ntcvx32.dll hasn't been making any appearances since I deleted it, and ldapi32.exe I've never been able to actually physically see, along with ntswrl32.dll.

    I'm really stuck here and I'm quite creeped out to be honest, as apparently this sends passwords and info to the **** who's using it. If anyone has any ideas please tell me, I'm completely stumped.
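
The registry value quoted in the post above, `vssms32.exe:*:Enabled:Dnode`, has the `path:scope:state:name` layout of a Windows Firewall authorized-application exception. As an added example (not part of any post in this thread), the Python below parses such values once exported from a machine and flags the ones that reference the file names listed above; the function names, every sample value except the first, and the no-full-path heuristic are assumptions made for the example.

```python
import ntpath
import re

# File names the first post associates with the infection.
THREAD_FILES = {"vssms32.exe", "ldapi32.exe", "hkr32.asm", "ntcvx32.dll", "ntswrl32.dll"}

# path:scope:Enabled|Disabled:name, where the path may contain a drive-letter colon.
ENTRY_RE = re.compile(
    r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<name>.*)$",
    re.IGNORECASE,
)

def parse_entry(value):
    """Split one exception value into its fields, or return None if malformed."""
    m = ENTRY_RE.match(value.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["enabled"] = entry.pop("state").lower() == "enabled"
    return entry

def audit(values):
    """Return (entry, reason) pairs for every value that deserves a closer look."""
    findings = []
    for value in values:
        entry = parse_entry(value)
        if entry is None:
            findings.append(({"raw": value}, "unparseable entry"))
            continue
        base = ntpath.basename(entry["path"]).lower()
        if base in THREAD_FILES:
            findings.append((entry, "file name listed in the thread"))
        # Heuristic added for this example: open to any source, no directory given.
        elif entry["enabled"] and entry["scope"] == "*" and "\\" not in entry["path"]:
            findings.append((entry, "enabled for any source, no full path"))
    return findings

# Constructed sample values; only the first string appears in the thread.
SAMPLE = [
    r"vssms32.exe:*:Enabled:Dnode",
    r"C:\WINDOWS\system32\ldapi32.exe:*:Enabled:ldapi32",
    r"%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019",
    r"C:\Program Files\Example\app.exe:LocalSubNet:Disabled:Example App",
    "not a firewall entry",
]

if __name__ == "__main__":
    for entry, reason in audit(SAMPLE):
        print(reason, entry)
```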
     
  2. Niobis

    Niobis Active member

    Hi Rhamhoy, I apologize for the late reply. We have limited help here and we stay very busy. :)

    As I'm sure you know, that's a relatively serious backdoor. I'm also sure you got that information from sophos.com, which tells you that backdoor can do the following:
    * Allows others to access the computer
    * Drops more malware
    * Reduces system security

    Anything on your computer could have been changed and you would not know about it, therefore it is recommended you reformat the HD and reinstall Windows. If you do not have the resources to reinstall Windows I can help you clean the computer, but after having a backdoor, many experts believe the computer can never be trusted again without a reformat.

    If you would like to try to clean the computer please post a HijackThis log and I will help you.

    Download HijackThis
    Extract the file to a permanent folder.
    Open HijackThis and "Do a system scan and save a log file".
    Post that log here.
     
  3. Rhamhoy

    Rhamhoy Member

    No problem, sorry for my slow reply lol

    Well my internet gave in on Monday night and I decided the only thing I could really do was reformat the drive. I had a Compaq destructive system restore on the system and decided it was the way to go. It reset the computer to factory settings so I imagine everything should be ok. Just a pity I lost all my files :(

    Thanks anyway
     
