Click here to get back home

d3dxo.dll virus-how to get rid of
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.security.virus    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
d3dxo.dll virus-how to get rid of Fonz 11-14-2007
Posted by Fonz on November 14, 2007, 12:51 am
Please log in for more thread options
| Hi David, After reading your answer to this post i went to Task Manger
| and found five (5) svchost.exe services running - 3 Network Services ,
| and 2 System. Now after seeing your answer and checking
| Process Library and finding out this svchost.exe could be used by a
| Trojan, How can i find out the path's of these services in Task Manger
| like in your example? Thanks Ron (Defender)
|

It is common to have multiple SVCHOST.EXE processes running. Each load
specifcommunication
capabilities of the OS.

Like I said, it is not the name of the file that is important, it is the Fully
Qualified
Name and Path to that file.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Posted by Fonz on November 14, 2007, 4:13 am
Please log in for more thread options
| Hi David, After reading your answer to this post i went to Task Manger
| and found five (5) svchost.exe services running - 3 Network Services ,
| and 2 System. Now after seeing your answer and checking
| Process Library and finding out this svchost.exe could be used by a
| Trojan, How can i find out the path's of these services in Task Manger
| like in your example? Thanks Ron (Defender)
|

It is common to have multiple SVCHOST.EXE processes running. Each load
specifcommunication
capabilities of the OS.

Like I said, it is not the name of the file that is important, it is the Fully
Qualified
Name and Path to that file.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Posted by Newell White on November 14, 2007, 5:14 am
Please log in for more thread options

| Hi David, After reading your answer to this post i went to Task Manger
| and found five (5) svchost.exe services running - 3 Network Services ,
| and 2 System. Now after seeing your answer and checking
| Process Library and finding out this svchost.exe could be used by a
| Trojan, How can i find out the path's of these services in Task Manger
| like in your example? Thanks Ron (Defender)
|

It is common to have multiple SVCHOST.EXE processes running. Each load
specifcommunication
capabilities of the OS.

Like I said, it is not the name of the file that is important, it is the Fully
Qualified
Name and Path to that file.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Posted by AVG No good use on February 2, 2008, 12:51 am
Please log in for more thread options
zone alarm is an adware and a pain in the ass, it is very atrusive

"Newell White" wrote:

> 1) In Windows Explorer, record modified date/time of d3dxo.dll
> 2) Rename it by adding zzx_ prefix.
> 3) Get Internet Explorer to delete all temporary files and downloaded
> program files.
> 4) Reboot.
>
> If d3dxo.dll re-appears, continue:
> 5) Rename it again
> 6) In Explorer, search C:\ for all files modified on the date you recorded
> in (1) above. Sort into time order and rename all files of the same size as
> d3dxo.dll modified within 2 minutes of the time you recorded.
> 7) Record paths of all other files modified in this time window - they are
> suspects.
> 8) Reboot with no network connection.
> 9) If d3dxo.dll does not appear, the only other thing to guard against is an
> intruder program that calls home to download the files you renamed.
> 10) Plug into the network, and if you don't have a software firewall which
> alerts on outgoing traffic, install one - e.g. free version of Zone Alarm.
> 11) Make sure the infection has not already re-appeared, and reboot again.
> 12) Zone alarm should alert you if one of the suspects tries to call home.
> Re-name it.
> 13) If you want to, delete the renamed files.
> --
> HTH,
> Newell White
>
>
> "Fonz" wrote:
>
> > I've tried unregistering the dll, but I get an error message of access
> > denied all the time. Any other ideas?
> > How do I found out what is activating the DLL?
> > Thanks again,
> > Rob.
> >
> > > Good Morning all.
> > > I'm trying to get rid of a virus which has been found in
> > > C:/windows/system32 folder called:
> > > d3dxo.dll. Looking on the internet revels it may be a very benign virus,
> > > with limited security concerns, but... who knows.
> > >
> > > I'm using AVG which is up to date, and every time I open an explorer page
> > > I get warnings. I try to put it into a virus vault and delete, but it's
> > > always there, even after a reboot.
> > > tried deleteing in the command mode and it stated access denied.
> > > Any help is appreciated.
> > > Rob
> > > Australia.
> > >
> > >
> >
> >
> >

Posted by Ckyp on November 14, 2007, 3:14 pm
Please log in for more thread options

| Hi David, After reading your answer to this post i went to Task Manger
| and found five (5) svchost.exe services running - 3 Network Services ,
| and 2 System. Now after seeing your answer and checking
| Process Library and finding out this svchost.exe could be used by a
| Trojan, How can i find out the path's of these services in Task Manger
| like in your example? Thanks Ron (Defender)
|

It is common to have multiple SVCHOST.EXE processes running. Each load
specifcommunication
capabilities of the OS.

Like I said, it is not the name of the file that is important, it is the Fully
Qualified
Name and Path to that file.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp




Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap