stand_58
Not the ordinary question, though.
I have a dual-boot system; Media Center Edition is not blessed with this
miserable trojan/virus/worm, while my XP SP2 is. I use XP as the default,
and of course years of using it means it's set up the way I want it, and I
don't want to just trash it or bear the consequence of what a repair install
might do to me, especially since I don't have SP2 slipstreamed into my
original XP disk.
Anyway, what I have done is to try using some of the VUNDO trojan removal
tools. The flavor of Vundo that I have keeps on producing files like
ddayv.exe and ddayv.dll in the system32 directory, and running them, as well
as vyadd.ini files in that directory. It shovels load instructions for the
ddayv.exe into the registry in a few places.
I can edit the registry and get rid of all the junk that I find, but of
course I'm not finding the root of the problem. I can also boot into the
Media Center and use that to edit the XP windows\system32 directory and get
rid of all the files created in there since the virus hit.
I can work in safe mode in XP and the trojan doesn't write all the garbage
that it typically writes.
Now here's something interesting.
I'll have gotten rid of all the instances of ddayv.exe, and then I'll boot.
I get a message box that looks as if I've tried to open ddayv.exe and
windows\system32 just can't find it, and if I want to search for it (yeah,
right) I can do so. The system tray has not yet loaded, the GUI is up,
Windows is usable, but ddayv.exe has not yet been created in the system32
directory.
I just click OK on the message box, the boot process continues, and the new
garbage gets written into the registry and into the system32 folder.
The help I am looking for from you people is some kind of utility that will
let me step through the end of the boot process. I know there's a step by
step way of doing a cold boot and a bootlog can be captured (am I only
living in the Win 98 world here? ... remembering a capability long gone?).
The question is whether there is something available that would let me walk
through the later stages of the boot process so I can find out just what it
is that first invokes rundll to make the ddayv.dll run ... and before that,
what makes ddayv.exe create ddayv.dll, and before that what makes ddayv.exe
get created from apparently nothing. There's got to be a way to drill down
to that nothing.
So this is a long post, I hope I'm not asking the impossible and I'm not
looking to post a HijackThis log so somebody can create a batch file for me
or recommend a list of steps to take.
Thanks in advance.
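Added here as an example and not part of stand_58's post: a PowerShell script (PowerShell is assumed to be installed; it did not ship with XP) that walks the common autostart registry locations, resolves the image each entry would launch (the DLL for rundll32 entries), and reports whether that file exists on disk. An autostart entry whose file has been deleted is exactly what produces a "cannot find <file>" box at logon, so the entries with OnDisk = False point at the load instructions to inspect; the key list and parsing rules are this example's own choices.

```powershell
# Added example, not from the original post: walk common autostart registry
# locations and report each entry's target file and whether it exists on disk.
# An autostart entry whose file was deleted is what yields a "Windows cannot
# find <file>" box at logon. Key list and parsing are this example's choices.

# Key -> value names to inspect ($null = every string value under the key).
$autostart = @{
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'          = $null
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'      = $null
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'          = $null
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'      = $null
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'  = @('Shell', 'Userinit')
}
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
# Directories Windows searches for an unqualified image name.
$searchDirs = @((Join-Path $env:SystemRoot 'system32'), $env:SystemRoot)

function Resolve-AutostartTarget {
    param([string]$Command)
    # First token is the image: a quoted path or everything up to the first space.
    $m = [regex]::Match($Command, '^\s*(?:"([^"]+)"|(\S+))')
    $image = if ($m.Groups[1].Success) { $m.Groups[1].Value } else { $m.Groups[2].Value }
    # rundll32 only hosts a DLL; report the DLL (next token, before the comma).
    if ([IO.Path]::GetFileName($image) -match '^rundll32(\.exe)?$') {
        $image = ($Command.Substring($m.Length).Trim() -split '[ ,]')[0]
    }
    $image = $image.TrimEnd(',')   # Userinit is stored with a trailing comma
    if ([IO.Path]::IsPathRooted($image)) { return $image }
    foreach ($d in $searchDirs) {
        $candidate = Join-Path $d $image
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return (Join-Path $searchDirs[0] $image)   # where the loader would have looked first
}

$report = foreach ($key in $autostart.Keys) {
    if (-not (Test-Path $key)) { continue }
    $only = $autostart[$key]
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($providerProps -contains $p.Name -or $p.Value -isnot [string] -or -not $p.Value) { continue }
        if ($only -and $only -notcontains $p.Name) { continue }
        $target = Resolve-AutostartTarget $p.Value
        New-Object PSObject -Property @{
            Key = $key; Value = $p.Name; Command = $p.Value
            Target = $target; OnDisk = (Test-Path -LiteralPath $target)
        }
    }
}
$report | Sort-Object OnDisk | Format-Table Key, Value, Target, OnDisk -AutoSize
```

Run it from an elevated prompt in the affected installation (or point the HKLM paths at a hive loaded from the other boot) and compare the output before and after the logon message box appears; entries that are missing on disk yet still registered are the load instructions the post describes.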