two pgms are infected

[alan b]

C:\Program Files\Common Files\MSDM\msdm.exe is infected with Backdoor.Trojan
C:\WINDOWS\system32\libupdate32.exe is infected with Backdoor.Bionet

If I delete msdm.exe and libupdate32.exe to get rid of the viruses, will
Windows Update update these missing pgms? I am not able so far to find free
utility to nail backdoor.trojan and backdoor.Bionet. I have already
purchased AVG..it does not fix them so far.

 

[Tom Porterfield]

C:\Program Files\Common Files\MSDM\msdm.exe is infected with
Backdoor.Trojan C:\WINDOWS\system32\libupdate32.exe is infected with
Backdoor.Bionet

If I delete msdm.exe and libupdate32.exe to get rid of the viruses,
will Windows Update update these missing pgms? I am not able so far
to find free utility to nail backdoor.trojan and backdoor.Bionet. I
have already purchased AVG..it does not fix them so far.

Neither of those files are part of a normal Windows load. They are
probably the actual virus files.

--
Tom Porterfield
MS-MVP Windows Smart Display
http://mywebpages.comcast.net/tp.porterfield/support

Please post all follows to the newsgroup only

 

[alan b]

I tried to delete msdm.exe but the dialog message read: ACCESS is denied.
I unchecked ARCHIVE in properties, but the results remained the same.
How do i delete it permanently?

 

[Loctite]

reboot in safe mode

I tried to delete msdm.exe but the dialog message read: ACCESS is denied.
I unchecked ARCHIVE in properties, but the results remained the same.
How do i delete it permanently?

 

[Tim H.]

I tried to delete msdm.exe but the dialog message read: ACCESS is denied.
I unchecked ARCHIVE in properties, but the results remained the same.
How do i delete it permanently?

I'm willing to bet msdm.exe is running, which will prevent you from deleting
it. Fire up task manager (Start, Run, taskmgr), go to Processes and see if
it's listed. If it is, end task on it and delete it!

 

[alan b]

that is it! I cannot run task manager. it is infected, too. what other
suggestion do you have?

 

[alan b]

yes, but i want them deleted, too.. i aint be in SAFE MODE permanently.

 

[Tom Porterfield]

yes, but i want them deleted, too.. i aint be in SAFE MODE
permanently.

Reboot to safe mode and see if that prevents them from starting
automatically. Delete them from there and then reboot into normal
Windows. Then get a good AV scanner that properly detects these and
scan your entire system.

--
Tom Porterfield
MS-MVP Windows Smart Display
http://mywebpages.comcast.net/tp.porterfield/support

Please post all follows to the newsgroup only

 

[alan b]

I put it in safemode and taskmgr.exe works fine. But when I go back to
normal mode, taskmgr does not work (close abruptly after clicking it).
How do I go to next step? How do I delete them in Safe Mode?

 

[Doug Knox MS-MVP]

Once you're in Safe Mode, simply delete the infected files. Then reboot.
You may also want to see www.dougknox.com, Win XP Utilities, Startup
Programs Tracker. This utility will scan the commonly used startup vectors
for programs and give you a list, telling you what and where its loaded
from. For entries in the Registry, click Start, Run and enter REGEDIT Go
to the registry key indicated and remove the value that tries to load the
virus.

 

[alan b]

I try to run your utility. It says something abt JDRMCYK.EXE. i think it
says that it is in registry that needs to be removed. But where is the
JDRMCYK.EXE file?
=========================================================
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

nodriver JDRMCYK.EXE

 

[alan b]

I tried to delete in registry, but there it goes again.

 

[alan b]

How do I detect and delete files in SAFE MODE?
But a few moments ago INFOTASK2003 Manager locates JDRMCYK.EXE in
Windows/system32. It is there, but I cannot delete it altho all properties
are unchecked.

your website looks impressive.. If anything works, I may consider
contribution of 5 dollars. Thanks.