How to remove 8DF1484C.dll, 8DF1484C.dat, SysInfo1.dll virus

I use Dell Pentium 3, Microsoft Windows XP.
When I run the Micro Trend House Call virus scanner online,
it shows I have a virus at:

c:\program files\common files\microsoft shared\MSInfo\8DF1484C.dll
c:\program files\common files\microsoft shared\MSInfo\8DF1484C.dat
c:\program files\common files\microsoft shared\MSInfo\SysInfo1.dll
The 8DF1484C files are hidden files.

The Micro Trend online virus scan was not able to remove these files.

I am unable to delete them. Even after I delete them, they come back after
boot.
Can you please tell me how to manually remove this?

Thank you.

(Please do not recommend those delete exe programs or scripts.
We used one once, and we needed to reload our office computer.
Our manager does not allow us to use these virus removal programs.)




Re: How to remove 8DF1484C.dll, 8DF1484C.dat, SysInfo1.dll virus


OK. This is the Troj/QQPass-JDD password stealing virus.
But following the Sophos Advanced write-up, I am unable to follow and find
exactly what to remove.
In HKLM\....\Explorer\ShellExecuteHooks
I cannot find what to remove in this. Should I remove this entire entry?

Thank you.
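
One way to see what each ShellExecuteHooks entry actually loads without changing anything, added here as an example (it is not from the thread or from Sophos): every value name under that key is a CLSID, and the DLL behind it is the default value of that CLSID's InprocServer32 key. The script parses a regedit export; the sample export, its CLSIDs, its DLL paths and the function names are constructed for this example.

```python
import re

# Constructed sample of a regedit export (File > Export); CLSIDs and DLL paths
# are made up. Real exports are UTF-16: open(path, encoding="utf-16").read()
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{11111111-2222-3333-4444-555555555555}"=""
"{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}"=""
"{99999999-0000-0000-0000-000000000000}"=""

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\WINDOWS\\system32\\example_shell.dll"

[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InprocServer32]
@=hex(2):43,00,3a,00,5c,00,54,00,65,00,6d,00,70,00,5c,00,78,00,2e,00,64,00,\
  6c,00,6c,00,00,00
'''

def parse_reg(text):
    """Return {KEY_PATH_UPPER: {value_name: data}} from .reg export text."""
    text = re.sub(r"\\\r?\n\s*", "", text)   # join hex continuation lines
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
        elif m and current is not None:
            name, raw = m.group(1)[1:-1], m.group(2)   # "@" (default) -> ""
            if raw.startswith('"'):                # REG_SZ: backslashes are doubled
                raw = re.sub(r"\\(.)", r"\1", raw[1:-1])
            elif raw.startswith("hex(2):"):        # REG_EXPAND_SZ: UTF-16LE bytes
                raw = bytes.fromhex(raw[7:].replace(",", "")).decode("utf-16-le").rstrip("\0")
            current[name] = raw
    return keys

def shell_execute_hook_dlls(text):
    """Map each ShellExecuteHooks CLSID to its InprocServer32 DLL, or None."""
    keys, found = parse_reg(text), {}
    for path, values in keys.items():
        if path.endswith("\\EXPLORER\\SHELLEXECUTEHOOKS"):
            for clsid in values:
                suffix = "\\CLSID\\%s\\INPROCSERVER32" % clsid.upper()
                found[clsid] = next((v.get("") for k, v in keys.items()
                                     if k.endswith(suffix)), None)
    return found

if __name__ == "__main__":
    for clsid, dll in shell_execute_hook_dlls(SAMPLE_REG).items():
        print(clsid, "->", dll or "no InprocServer32 in this export")
```

The script only reads the exported text and changes nothing on the system, so its output can go straight into a written report of what was found.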



Re: How to remove 8DF1484C.dll, 8DF1484C.dat, SysInfo1.dll virus


|
| OK. This is the Troj/QQPass-JDD password stealing virus.
| But following the Sophos Advanced write-up, I am unable to follow and find
| exactly what to remove.
| In HKLM\....\Explorer\ShellExecuteHooks
| I cannot find what to remove in this. Should I remove this entire entry?
|
| Thank you.
|

What did Trend Micro call this infector ?
BTW:  It is a Trojan, not a virus.

Start with the Trend Micro module of the following Multi AV Scanning Tool.


Download MULTI_AV.EXE from the URL --
http://www.pctipp.ch/downloads/dl/35905.asp

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal
Mode. This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the
PC.

You can choose to go to each menu item and just download the needed files or you
can download the files and perform a scan in Normal Mode. Once you have downloaded
the files needed for each scanner you want to use, you should reboot the PC into
Safe Mode [F8 key during boot] and re-run the menu again and choose which scanner
you want to run in Safe Mode.  It is suggested to run the scanners in both Safe
Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive
PDF help file.

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * *   Please report back your results  * * *




--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: How to remove 8DF1484C.dll, 8DF1484C.dat, SysInfo1.dll virus


Our company had already insisted nobody can use any of these register
modifying and system software changing unknown programs.
We are only allowed to manually run regedit to clean the systems.
We then have to write down exactly what we did and make a report in detail.





Re: How to remove 8DF1484C.dll, 8DF1484C.dat, SysInfo1.dll virus



| Our company had already insisted nobody can use any of these register
| modifying and system software changing unknown programs.
| We are only allowed to manually run regedit to clean the systems.
| We then have to write down exactly what we did and make a report in detail.
|

Your company is taking the WRONG approach.
A Trojan can have many variants and each can make different changes to the
Registry.
Each anti virus can call the same infector differently.  Given the same infector,
Trend Micro and Sophos can call it two different names.
Any file can be named anything.  Just because a file has a name used and is
found in one virus encyclopedia doesn't mean the file YOU have is that same file
mentioned in that encyclopedia.

That's why you need to use an anti virus application that will use a combination
of signature and heuristic based detection to find, remove, clean and restore the
system to pre-infected state.

I asked early on...
What did Trend Micro call this infector ?

I also want you to note that the Trend Micro HouseCall utility uses the SAME
engine and signatures as the Trend Micro Sysclean utility used in the core of my
Multi AV Scanning Tool.

If you can't use the Multi AV, you can still use the Trend Micro Sysclean
utility.

Otherwise if your company insists "...nobody can use any of these register
modifying and system software changing unknown programs" then I suggest you back
up the system (such as Symantec Ghost) and then wipe the system and re-image the
system with a known clean image.

I strongly do NOT suggest manually editing the Registry as you are attempting to
do.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: How to remove SysInfo1.dll virus


Our company and my boss are doing the right thing to keep our work
environment safe and orderly for employees.

MicroTrend did not have any name for this, and neither McAfee nor Norton has a
name for this either.
Sophos called this Troj/QQPass-JDD. They do list the manual removal steps.
But they did not say what to remove.




Re: How to remove SysInfo1.dll virus



| Our company and my boss are doing the right thing to keep our work
| environment safe and orderly for employees.

| MicroTrend did not have any name for this, and neither McAfee nor Norton has a
| name for this either.
| Sophos called this Troj/QQPass-JDD. They do list the manual removal steps.
| But they did not say what to remove.

Not really.  If this is a "Troj/QQPass-JDD" Trojan then you have a password
stealing Trojan and your "work environment" is not "safe".

McAfee and Norton name *all* detected files.

Did you scan with;  McAfee, Norton and Sophos ?


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: How to remove 8DF1484C.dll, 8DF1484C.dat, SysInfo1.dll virus



Use System Restore to restore the PC to a state before the infection.
I had a user with this same infection, PITA to clean off.

Adam
--
Visit my PC Tech blog at www.leinss.com/blog
