vdoubxd.dll - Trojan? Virus?

BJ Safdie · Apr 19, 2004

On my Win2K Server machine I found an entry in my registry
at:
HK_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
Run and RunOnce

which reads:

Key:
vdoubxd

Value:
rundll32 C:\WINNT\system32:vdoubxd.dll,Init 1

I "Googled" vdoubxd and came up with nothing.
Symantec Security Response came up with nothing.
The McAfee site had nothing.

If I delete the registry entries, they come back. There
is no vdoubxd.dll in my C:\WINNT\system32 directory.
Also, I am unfamiliar with the ...system32:vdoubxd.dll...
use of a colon. I also looked for the possibility of file
in WINNT named system32:vdoubxd.dll.

Anyone know what the heck this thing is and how (if it is
a bad thing) to get rid of it?

Any Help Appreciated,
BJ Safdie

Jerry Heidtke · Apr 19, 2004

BJ said:
On my Win2K Server machine I found an entry in my registry
at:
HK_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
Run and RunOnce

which reads:

Key:
vdoubxd

Value:
rundll32 C:\WINNT\system32:vdoubxd.dll,Init 1

I "Googled" vdoubxd and came up with nothing.
Symantec Security Response came up with nothing.
The McAfee site had nothing.

If I delete the registry entries, they come back. There
is no vdoubxd.dll in my C:\WINNT\system32 directory.
Also, I am unfamiliar with the ...system32:vdoubxd.dll...
use of a colon. I also looked for the possibility of file
in WINNT named system32:vdoubxd.dll.

Anyone know what the heck this thing is and how (if it is
a bad thing) to get rid of it?

Any Help Appreciated,
BJ Safdie

Probably the Coreflood trojan. It's stored in an "Alternate Data Stream"
(ADS). See http://www.sophos.com/virusinfo/analyses/trojcoreflooc.html
for a description, download
http://www.sophos.com/support/cleaners/corfcgui.com to get rid of it.

Your system may have been further compromised. You should do a thorough
investigation. Rebuilding from scratch should be seriously considered.

BJ Safdie · Apr 19, 2004

Many Thanks.

-----Original Message-----

Probably the Coreflood trojan. It's stored in an "Alternate Data Stream"
(ADS). See http://www.sophos.com/virusinfo/analyses/trojcoreflooc.html

for a description, download
http://www.sophos.com/support/cleaners/corfcgui.com to get rid of it.

Your system may have been further compromised. You should do a thorough
investigation. Rebuilding from scratch should be seriously considered.
.

wins32.exe - virus? trojan? malware?	7	Jul 5, 2005
Trojan virus in system32 ... HELP!	2	Oct 30, 2003
Virus Alert in my Taskbar	2	Jul 20, 2006
Trojan horse virus in system32... HELP!	2	Oct 30, 2003
Trojan virus in system 32... please help!	2	Oct 30, 2003
Folder & Programs Open on Start Up	2	Oct 13, 2008
Long PAUSE during Vista Startup	5	Sep 12, 2007
Hey can somone help me WITH getting a keylogger out of my computer	4	Aug 26, 2007

vdoubxd.dll - Trojan? Virus?

BJ Safdie

Jerry Heidtke

BJ Safdie

Ask a Question

Similar Threads