Hi,

The file on my Win XP Pro SP2 PC called dmserver.dll - located here
c:\Windows\system32\dmserver.dll - has a virus according to my anti-virus
software and confirmed by virusscan.jotti.org where 5 of the AV checkers
showed a positive.

I've no idea how to restore a clean version of dmserver.dll can someone tell
me how please?

Extra important info.: Today I installed a new SATA hard disk and a SATA II
controller card for it. After installation I pointed the XP 'found new
hardware wizard' to the controller card's CD for the drivers, all seemed
fine until I went to Control Panel -> Computer Management -> Storage -> Disk
Management to format the new drive. It was when I tried to access Disk
Management that I first got the 'Virus Threat Detected' which meant I could
not load the Logical Disk Manager Service, which is the file dmserver.dll,
to format the hard disk.

Could this just be coincidence? An anti-virus scan of the controller card's
drivers CD resulted in 'no threats found'.

Please advise, I'm stuck.

Thanks and regards, etc..

That file IS the virus - or part thereof. Why would you want to replace it?

http://www.auditmypc.com/process/dmserver.asp

--

Richard Urban
Microsoft MVP
Windows Desktop Experience


"Poster Matt" <postermatt@no_spam_for_me.org> wrote in message
news:n1cEk.64464$(E-Mail Removed)...
> Hi,
>
> The file on my Win XP Pro SP2 PC called dmserver.dll - located here
> c:\Windows\system32\dmserver.dll - has a virus according to my anti-virus
> software and confirmed by virusscan.jotti.org where 5 of the AV checkers
> showed a positive.
>
> I've no idea how to restore a clean version of dmserver.dll can someone
> tell me how please?
>
> Extra important info.: Today I installed a new SATA hard disk and a SATA
> II controller card for it. After installation I pointed the XP 'found new
> hardware wizard' to the controller card's CD for the drivers, all seemed
> fine until I went to Control Panel -> Computer Management -> Storage ->
> Disk Management to format the new drive. It was when I tried to access
> Disk Management that I first got the 'Virus Threat Detected' which meant I
> could not load the Logical Disk Manager Service, which is the file
> dmserver.dll, to format the hard disk.
>
> Could this just be coincidence? An anti-virus scan of the controller
> card's drivers CD resulted in 'no threats found'.
>
> Please advise, I'm stuck.
>
> Thanks and regards, etc..

From: "Poster Matt" <postermatt@no_spam_for_me.org>

| Hi,

| The file on my Win XP Pro SP2 PC called dmserver.dll - located here
| c:\Windows\system32\dmserver.dll - has a virus according to my anti-virus
| software and confirmed by virusscan.jotti.org where 5 of the AV checkers
| showed a positive.

| I've no idea how to restore a clean version of dmserver.dll can someone tell
| me how please?

| Extra important info.: Today I installed a new SATA hard disk and a SATA II
| controller card for it. After installation I pointed the XP 'found new
| hardware wizard' to the controller card's CD for the drivers, all seemed
| fine until I went to Control Panel -> Computer Management -> Storage -> Disk
| Management to format the new drive. It was when I tried to access Disk
| Management that I first got the 'Virus Threat Detected' which meant I could
| not load the Logical Disk Manager Service, which is the file dmserver.dll,
| to format the hard disk.

| Could this just be coincidence? An anti-virus scan of the controller card's
| drivers CD resulted in 'no threats found'.

| Please advise, I'm stuck.

| Thanks and regards, etc..

Chances are it is NOT a virus but a trojan. You said you scanned it at Jotti. OK... what
where the detections at Jotti ?

If is is a pure trojan, it can't be cleaned. The DLL itself is malicious. If it is a
trojanized DLL then it may be able to be cleaned.

If is is really infected with a virus then is may be able to be cleaned. The
informationyou obtained at Jotti, but did not post, may provide the needed information.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

On Mon, 29 Sep 2008 21:46:59 GMT, Poster Matt wrote:

> The file on my Win XP Pro SP2 PC called dmserver.dll - located here
> c:\Windows\system32\dmserver.dll - has a virus according to my anti-virus
> software and confirmed by virusscan.jotti.org where 5 of the AV checkers
> showed a positive.
>
> I've no idea how to restore a clean version of dmserver.dll can someone tell
> me how please?
>
> Extra important info.: Today I installed a new SATA hard disk and a SATA II
> controller card for it. After installation I pointed the XP 'found new
> hardware wizard' to the controller card's CD for the drivers, all seemed
> fine until I went to Control Panel -> Computer Management -> Storage -> Disk
> Management to format the new drive. It was when I tried to access Disk
> Management that I first got the 'Virus Threat Detected' which meant I could
> not load the Logical Disk Manager Service, which is the file dmserver.dll,
> to format the hard disk.
>
> Could this just be coincidence? An anti-virus scan of the controller card's
> drivers CD resulted in 'no threats found'.
>
> Please advise, I'm stuck.

It seems that 'dmserver.dll' is a component of the "Darkmoon" Trojan Horse
program. I suspect that, rather than repair it, you need to remove it.

http://www.auditmypc.com/process/dmserver.asp

You may want to do more research to figure out the best way to proceed.

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Poster Matt wrote:
>
> The file on my Win XP Pro SP2 PC called dmserver.dll - located here
> c:\Windows\system32\dmserver.dll - has a virus according to my anti-virus
> software and confirmed by virusscan.jotti.org where 5 of the AV checkers
> showed a positive.
>
> I've no idea how to restore a clean version of dmserver.dll can someone tell
> me how please?

First step. Delete the bad file.

--
http://www.bootdisk.com/

"Poster Matt" wrote:

> Hi,
>
> The file on my Win XP Pro SP2 PC called dmserver.dll - located here
> c:\Windows\system32\dmserver.dll - has a virus according to my anti-virus
> software and confirmed by virusscan.jotti.org where 5 of the AV checkers
> showed a positive.
>
> I've no idea how to restore a clean version of dmserver.dll can someone tell
> me how please?
>
> Extra important info.: Today I installed a new SATA hard disk and a SATA II
> controller card for it. After installation I pointed the XP 'found new
> hardware wizard' to the controller card's CD for the drivers, all seemed
> fine until I went to Control Panel -> Computer Management -> Storage -> Disk
> Management to format the new drive. It was when I tried to access Disk
> Management that I first got the 'Virus Threat Detected' which meant I could
> not load the Logical Disk Manager Service, which is the file dmserver.dll,
> to format the hard disk.
>
> Could this just be coincidence? An anti-virus scan of the controller card's
> drivers CD resulted in 'no threats found'.
>
> Please advise, I'm stuck.
>
> Thanks and regards, etc..


Well, to be safe try to rename the Dll to something like dmserver.dll.old
and Reboot your machine, does anything complain?

What Jotti scanner showed or reported?
What the properties of the DLL shows and compare on the real Disk Manager
Service file, what you r findings on this comes out?
Bes t if you scanned from other vendors to make sure the file not infected
or the virus itself hooked itself in "%SystemRoot%\".

Run a thorough scan by doing the following steps:
1... First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/supe...freevspro.html
http://www.malwarebytes.org/rr-update/rr-free-setup.exe
http://onecare.live.com/site/en-gb/d....htm?s_cid=sah

Run a scan from here on-line:
http://security.symantec.com/sscv6/d...d=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html

Run disk clean up on your Drive.
You can download this tool o run clean up:
http://www.ccleaner.com/download/bui...wnloading-slim

You can download this tool "AutoRuns for Windows"
http://technet.microsoft.com/en-us/s.../bb963902.aspx
And remove the entry from here:

Locate this key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run = look in
the right pane/window and remove the entry for it
"c:\Windows\system32\dmserver.dll".
HTH,
nass
---
http://www.nasstec.co.uk

Richard Urban wrote:
> That file IS the virus - or part thereof. Why would you want to replace it?
>
> http://www.auditmypc.com/process/dmserver.asp
>

If you read my post you will see that dmserver.dll handles the Windows
Logical Disk Manager Service and since I need to format a new disk I need a
non-infected version of dmserver.dll.

nass wrote:
>
> "Poster Matt" wrote:
>
>> Hi,
>>
>> The file on my Win XP Pro SP2 PC called dmserver.dll - located here
>> c:\Windows\system32\dmserver.dll - has a virus according to my anti-virus
>> software and confirmed by virusscan.jotti.org where 5 of the AV checkers
>> showed a positive.
>>
>> I've no idea how to restore a clean version of dmserver.dll can someone tell
>> me how please?
>>
>> Extra important info.: Today I installed a new SATA hard disk and a SATA II
>> controller card for it. After installation I pointed the XP 'found new
>> hardware wizard' to the controller card's CD for the drivers, all seemed
>> fine until I went to Control Panel -> Computer Management -> Storage -> Disk
>> Management to format the new drive. It was when I tried to access Disk
>> Management that I first got the 'Virus Threat Detected' which meant I could
>> not load the Logical Disk Manager Service, which is the file dmserver.dll,
>> to format the hard disk.
>>
>> Could this just be coincidence? An anti-virus scan of the controller card's
>> drivers CD resulted in 'no threats found'.
>>
>> Please advise, I'm stuck.
>>
>> Thanks and regards, etc..
>
>
> Well, to be safe try to rename the Dll to something like dmserver.dll.old
> and Reboot your machine, does anything complain?
>
> What Jotti scanner showed or reported?
> What the properties of the DLL shows and compare on the real Disk Manager
> Service file, what you r findings on this comes out?
> Bes t if you scanned from other vendors to make sure the file not infected
> or the virus itself hooked itself in "%SystemRoot%\".
>
> Run a thorough scan by doing the following steps:
> 1... First, try to clean up your caches, Internet files and delete cookies
> by doing this:
> Click Start >> Control Panel >> Double click Network and Internet
> Connections >> Double click Internet Options.
> On the IE properties windows you will see these Tabs:
> General | Security | Privacy | Content | Connections | Programs |
> Advanced
> Under General Tab clear your History, Internet Files and Cookies.
> Then click on Advanced tab and scroll down to under the Browsing Option:
> [&] Browsing
> [ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
> Then click on Programs Tab and click Manage Add-Ons and Disable all non
> Verified Add-Ons (You should Renable them later one-by-one and see the
> culprit and update it or remove it.
> How to manage Add-Ons:
> http://support.microsoft.com/kb/883256
> Scan for malware from here:
> SuperAntispyware - Free
> http://www.superantispyware.com/supe...freevspro.html
> http://www.malwarebytes.org/rr-update/rr-free-setup.exe
> http://onecare.live.com/site/en-gb/d....htm?s_cid=sah
>
> Run a scan from here on-line:
> http://security.symantec.com/sscv6/d...d=ie&venid=sym
> http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
> Download Avast Cleaner (offline scanner) from here:
> http://www.avast.com/eng/avast-virus-cleaner.html
>
> Run disk clean up on your Drive.
> You can download this tool o run clean up:
> http://www.ccleaner.com/download/bui...wnloading-slim
>
> You can download this tool "AutoRuns for Windows"
> http://technet.microsoft.com/en-us/s.../bb963902.aspx
> And remove the entry from here:
>
> Locate this key:
> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run = look in
> the right pane/window and remove the entry for it
> "c:\Windows\system32\dmserver.dll".
> HTH,
> nass
> ---
> http://www.nasstec.co.uk
>

Thanks for the advise everyone.

I've managed to get a clean copy using the Microsoft utility:
SFC /SCANNOW

Cheers.

From: "Poster Matt" <postermatt@no_spam_for_me.org>

| Richard Urban wrote:
>> That file IS the virus - or part thereof. Why would you want to replace it?

>> http://www.auditmypc.com/process/dmserver.asp


| If you read my post you will see that dmserver.dll handles the Windows
| Logical Disk Manager Service and since I need to format a new disk I need a
| non-infected version of dmserver.dll.

And if you read my post there was specific information requested that you left out.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

That file is **NOT** part of a Vista install.

Again, why would you want to reload this problem file?

--

Richard Urban
Microsoft MVP
Windows Desktop Experience


"Poster Matt" <postermatt@no_spam_for_me.org> wrote in message
news:IJwEk.64900$(E-Mail Removed)...
> Richard Urban wrote:
>> That file IS the virus - or part thereof. Why would you want to replace
>> it?
>>
>> http://www.auditmypc.com/process/dmserver.asp
>>
>
> If you read my post you will see that dmserver.dll handles the Windows
> Logical Disk Manager Service and since I need to format a new disk I need
> a non-infected version of dmserver.dll.