
ZXDNT3D.CFG not detected or removed



  • Root Admin

FYI

As posted on another site. MB is not detecting or removing C:\Windows\System32\ZXDNT3D.CFG - appears SAS is having trouble removing it as well.

I've been running SAS and MB scans. MB is saying this is OK. SAS keeps finding C:\Windows\System32\ZXDNT3D.CFG. Every time it finds this file, it says that I need to restart to complete the job. So I restart, run the scan, and this file comes up again, and again it says I need to restart to complete the job.

I don't see this in msconfig Startup. I do see the file in C:\Windows\System32

Not sure why MB is not detecting it. Will try to get more details on the MB version and the system.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:41:31 PM, on 4/1/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal


  • Root Admin

From the guy who is running MB on the infected system.

I'm running MB v1.10. I ran MB, which found 3 entries, and then power down, power up and run MB again, which finds the same entries. I've done this 3 times. It says it has removed the items, but it hasn't. Here's the log.

Malwarebytes' Anti-Malware 1.10

Database version: 587

Scan type: Full Scan (A:\|C:\|)

Objects scanned: 93219

Time elapsed: 19 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\SYSTEM32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Wayne\Start Menu\Programs\Startup\Deewoo.lnk (Malware.Links) -> Quarantined and deleted successfully.

2nd post

The machine is getting Deewoo popups. I had it turned off in msconfig, but it's now enabled again. Messenger and ctfmon have also been enabled in msconfig - I didn't do it.

I'm going to remove the Deewoo files in Win\Sys32 - maybe that will help as SAS and MB aren't working.

3rd post

I used HJT to remove Deewoo - there was another instance of it in Prefetch - something to watch out for.

Anyway, SAS and MB are now not finding anything.
