Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Msdirectx.sys virus

  • 22-03-2005 3:26pm
    #1
    Amaru
    Closed Accounts Posts: 680 ✭✭✭


    Has anybody else got this lately? I got it on my computer the other day, and i think(more on this in a minute) its completely ****ed everything over. I'm running a normal 56k connection, and i don't windowsupdate regularly becuase of the authenticity of my copy of XP. I at least had one virus on it already, the one that attacked the svchost, but not the one that reboots your machine, this one disconnects from the internet and then you can't reconnect unless you reboot.

    Anyway, the other day, i got the message up on my screen from McAfee "virus detected - msdirectx.sys", but when i went to click on it, the popup screen disappeared. When i went to the symbol for mcafee in my connections tray, that disappeared too! Couldn't open the task manager either, or the registry editor! Also, because i couldn't open the virus scanner, i couldn't download an up to date virus defnitions file!

    I eventually downloaded AVG, but when i tried to use the updater on that, that disappeared too! The virus basically won't let me do anything that would help me remove it.

    I then booted into safe mode, where i ran the virus scan, and it found the virus and deleted it, but its in the registry too, so i removed it from there too. Rebooted, and its still there, and still stopping me from doing anything that would allow me to remove it.

    Anybody have any experience with this? Any ideas how to remove it?


Comments

  • #2
    Ruu_Old
    Closed Accounts Posts: 36,634 ✭✭✭✭Ruu_Old


    hmm looks like a nasty virus this one. Is the virus sdbot.worm? If so try the below:

    At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.

    Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

    Locate the HKEY_LOCAL_MACHINE entries:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MS FIREWALL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services\MS FIREWALL

    and remove any reference to any file you deleted.

    Close the registry editor.


  • #3
    Amaru
    Closed Accounts Posts: 680 ✭✭✭Amaru


    My registry didn't have any of those values, so does that mean its not sdbot.worm, or just something else?


  • #4
    Ruu_Old
    Closed Accounts Posts: 36,634 ✭✭✭✭Ruu_Old


    probably a different variant of the worm. I'll google it later on and see what other results i get for u.


Advertisement