Author Topic: help please  (Read 1052 times)
captainawesum
Newbie
*
Offline Offline

Posts: 11


« on: November 06, 2009, 03:23:10 PM »

Hello,

I'm using Windows Vista.
I ran a scan with Comodo Antivirus and it says it found this.

location: C:/Windows/system32/D3DIM700.DLL
Threat Name: Backdoor.Win32.Poison.aec[at]18259490

Additionally, a Spybot S&D run I made yesterday said that I was infected by a Russian trojan. I can't really remember the name as it was really weird. (I should have made a screenshot.) I think it was like Aroushki.ru or something like that. What I'm sure of is that it had the .ru extension with it. Spybot said that the infection was destroyed, but I'm not so certain, since the Comodo scan I made today shows that I still have a threat. It would be a very strange coincidence...

Anyway, I need help badly. Please answer as fast as possible. Thank you in advance.

P.S. Sorry for my bad English
Logged
Jose_Lisbon
Comodo's Hero
*****
Offline Offline

Posts: 515



« Reply #2 on: November 06, 2009, 04:33:28 PM »

   Hi.
      You can start with this:
         http://www.malwarebytes.org/   Install, update and do a full scan.
         http://www.gmer.net/   Save the .exe file and run it. It will only take a few seconds. When it presents you the log, check whether anything is written in red.

   Please post back.
Logged
captainawesum
Newbie
*
Offline Offline

Posts: 11


« Reply #3 on: November 06, 2009, 04:58:57 PM »

Thanks for your help, man. However, Malwarebytes doesn't seem to detect anything, but Comodo does... that's strange.
Logged
languy99
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 899



« Reply #4 on: November 06, 2009, 05:01:41 PM »

Try scanning with SUPERAntiSpyware just to be sure; what Comodo found might have been a leftover file (.dll) that Spybot might not have deleted.

SUPERAntiSpyware free: http://downloads.superantispyware.com/downloads/SUPERAntiSpyware.exe
Logged

http://www.youtube.com/languy99

Software Reviews For All
captainawesum
Newbie
*
Offline Offline

Posts: 11


« Reply #5 on: November 06, 2009, 05:09:39 PM »

Mhhhh... never heard of SUPERAntiSpyware before... are you really sure this is a safe application?

Sorry, I'm a little paranoid.
Logged
Jose_Lisbon
Comodo's Hero
*****
Offline Offline

Posts: 515



« Reply #6 on: November 06, 2009, 05:10:30 PM »

   It's safe.
Logged
languy99
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 899



« Reply #7 on: November 06, 2009, 05:14:35 PM »

You're funny, why would a mod send you to an unsafe program?? I would be a mod for very long if I did that. Let us know what you find.
Logged

http://www.youtube.com/languy99

Software Reviews For All
OmeletGuy
Good gamer, Omelet Chef, Rogue AV hater!
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 1674


The only thing i ask for are eggs.


« Reply #8 on: November 06, 2009, 07:39:37 PM »

fyi

I joined both your threads as it is against forum policy to double post.


Thanks.
Logged

Happy New Year and Holidays
Please follow forum policy. Thank you.
AlphaRosea
Comodo Family Member
***
Offline Offline

Posts: 86


Artist Fella


« Reply #9 on: November 06, 2009, 09:50:57 PM »

If after you try Malwarebytes and SUPERAntiSpyware (I personally find they're quite similar) you don't find anything or they're broken (by the infection) then perhaps try a2 (a-squared) Free, and even in Windows' safe mode. Its definition files will be kinda large but it's also very good.
Logged

languy99
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 899



« Reply #10 on: November 07, 2009, 12:43:26 AM »

If it really is a nasty infection, the only real way to remove it is to use a bootable AV. Click on the link in my sig and watch the SARDU videos.
Logged

http://www.youtube.com/languy99

Software Reviews For All
SiberLynx
Comodo's Hero
*****
Offline Offline

Posts: 698



« Reply #11 on: November 07, 2009, 12:46:50 AM »

Hi captainawesum,

Before you do some damage by running tools, and especially Gmer, please have a look at the Properties of the file.
D3DIM700.DLL belongs to Microsoft Direct3D graphics; it is a system file and it is in the right location, C:\Windows\system32\ (at least for XP).
Please check for Vista in particular.

Submit the file for analysis to Comodo developers. Please read this thread

Sure, we don't rely on file names only and any file can be compromised, but you have to investigate first, because removing files from the system area, even if they have been substituted, may not be as trivial as deleting them.

Probably not with this particular file, but you can render your system inoperable by blindly quarantining or deleting files from C:\Windows ... ...\system32\ etc.

My regards

P.S. Properties here:
C:\Windows\system32\d3dim700.dll
Company: Microsoft Corporation
version: 5.03.2600.5512 (xpsp.080413-0845)
Product name: Microsoft® Windows® Operating System
« Last Edit: November 07, 2009, 01:18:02 AM by SiberLynx » Logged

admin; XP Pro, SP3 (32); CIS 3.13.121240.574 (firewall only; Proactive with Defense+); Vengine 2.7.0.33 ; AVG free; Mamutu Behavioural Blocker
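
The check SiberLynx describes above, as an added example that is not part of any post in the thread: a PowerShell function (hypothetical name `Get-FlaggedFileReport`) that collects the flagged file's version properties, signature status and SHA-256 hash, so the detection can be assessed before anything is removed from system32. It assumes a PowerShell version that provides `Get-FileHash` (4.0 or later).

```powershell
# Added example (not from the thread): gather evidence about a flagged system
# file before deciding to quarantine or delete it. Function name is hypothetical.
function Get-FlaggedFileReport {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $item = Get-Item -LiteralPath $Path -Force
    $ver  = $item.VersionInfo                              # the "Properties" fields
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path   # signature status
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

    # Reasons to look closer. None of these alone proves infection: version
    # fields can be forged, and a system DLL that is catalog-signed may show
    # as NotSigned on older PowerShell versions.
    $reasons = @()
    if ($ver.CompanyName -notlike 'Microsoft*') {
        $reasons += "CompanyName is '$($ver.CompanyName)'"
    }
    if ($sig.Status -ne 'Valid') {
        $reasons += "Signature status is $($sig.Status)"
    }

    [pscustomobject]@{
        Path          = $item.FullName
        CompanyName   = $ver.CompanyName
        ProductName   = $ver.ProductName
        FileVersion   = $ver.FileVersion
        LastWriteTime = $item.LastWriteTime
        Signature     = $sig.Status
        Signer        = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SHA256        = $hash.Hash
        ReviewReasons = $reasons
    }
}

# Path taken from the first post in the thread.
Get-FlaggedFileReport -Path 'C:\Windows\system32\D3DIM700.DLL' | Format-List
```

The SHA-256 value identifies the exact file when it is submitted to the antivirus vendor for analysis or compared against a copy from a known-clean installation of the same Windows version.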
captainawesum
Newbie
*
Offline Offline

Posts: 11


« Reply #12 on: November 08, 2009, 11:02:46 PM »

OK, thanks, all you guys. First of all I want to apologize for double posting... I just didn't know where to post my problem and get the quickest answer possible.

Next, it seems my problem comes from the internet itself.

1: I run a scan
2: I find my problem
3: I delete the infected file
4: I redo another scan. No infection present.
5: I return to the internet. Another infection presents itself.

I'm not a computer expert, but I think the trojan is attacking my IP and that is why I always get a new infection each time I connect to the net.

I also got some new information about the freakin' Russian trojan I got. It's said that it attaches itself to the Windows update and antivirus doesn't detect its entry, since it comes from a Windows update. If only I could remember the name of this trojan...
Logged
Tags: I think im infected 