  1. #1
    Gold Lounger
    Join Date
    Feb 2001
    Location
    Sint Niklaas, Belgium
    Posts
    2,778
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Backdoor Agent B

    I have a PC with Windows XP Home. After startup I get the virus warning message shown in the attachment. I can't close this warning window.
    Symantec says to remove the files infected by the virus.
    In Windows Explorer I can't find d3da.dll (hidden and system files are set to show).
    In a DOS window I can find the file, but when I try to delete it, I get an Access denied error.
    In safe mode, I can't find the file in either Windows Explorer or a DOS window.
    A complete scan with Norton AntiVirus doesn't find any infection.

    Any suggestions?

  3. #2
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 16 Times in 16 Posts

    Re: Backdoor Agent B

    Symantec's page on this Trojan contains detailed information and instructions on how to remove the registry entries that load the Trojan. Hopefully you can use these to force a clean start; you should then be able to delete the DLL.

  4. #3
    Gold Lounger
    Join Date
    Feb 2001
    Location
    Sint Niklaas, Belgium
    Posts
    2,778
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Backdoor Agent B

    Thanks Hans.
    I have already read this page, and the strange thing is that those keys don't exist in the registry.

  5. #4
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 16 Times in 16 Posts

    Re: Backdoor Agent B

    It might just be a false positive. According to the Symantec page, the Backdoor trojan creates a DLL with a random name of 1 to 4 characters, so it may think that D3DA.DLL is suspect. However, according to a Google search, D3DA.DLL is also a legitimate file installed by several PC games such as Need For Speed and others.

  6. #5
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Backdoor Agent B

    > I can't close this warning window.

    One possibility is that some process keeps pushing this file onto your computer, causing the prompt to redisplay instantly. To test that theory, try disabling your network connection (e.g., Start>Settings>Network connections, right-click, Disable) and then dismissing the dialog.

    You probably should close any work files opened from remote servers before disabling the connection; sometimes it doesn't come back when you re-enable it.

  7. #6
    Gold Lounger
    Join Date
    Feb 2001
    Location
    Sint Niklaas, Belgium
    Posts
    2,778
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Backdoor Agent B

    Problem solved.
    I did a search for "d3da.dll" in the registry and deleted all the entries containing it.
    Then, after a restart, I was able to delete the d3da.dll file from a DOS window. It was still not visible in Windows Explorer.
    Thanks for your help.
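
The registry search described in post #6, as an added example that is not part of the original thread: a report-only PowerShell function that lists every value under a set of load-point keys whose name or data mentions a file name, so the hits can be reviewed before anything is deleted. The function name and the list of keys are assumptions for illustration (the thread does not say which keys held the entries), and it assumes a system with Windows PowerShell installed.

```powershell
# Added example, not from the thread: find registry values that reference a file name.
# It only reports; nothing is modified or deleted.
function Find-RegistryReference {
    param(
        [Parameter(Mandatory)] [string] $Needle,
        # Assumed list of common load points; widen it (e.g. 'HKLM:\SOFTWARE') for a full search.
        [string[]] $Roots = @(
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
            'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
            'HKLM:\SYSTEM\CurrentControlSet\Services'
        )
    )
    $pattern = [regex]::Escape($Needle)   # treat the file name literally, not as a regex
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # The root key itself plus every subkey below it
        $keys = @(Get-Item -LiteralPath $root) +
                @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                # Read the raw data so %SystemRoot%-style paths are matched as stored
                $data = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
                $text = @($data) -join ' '   # flattens multi-string values for matching
                if ($name -match $pattern -or $text -match $pattern) {
                    [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $text }
                }
            }
        }
    }
}

# The file name from this thread; -match is case-insensitive, so D3DA.DLL is found too.
Find-RegistryReference -Needle 'd3da.dll' | Format-List
```

Exporting each reported key with `reg export` before removing a value keeps a copy that can be restored if the entry turns out to belong to a legitimate program.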

  8. #7
    Gold Lounger
    Join Date
    Feb 2001
    Location
    Sint Niklaas, Belgium
    Posts
    2,778
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Backdoor Agent B

    It is a stand-alone PC. No network. Only ADSL, but the problem appears right after startup, even when not connected to the provider.
    I solved the problem, see my reply to Hans.
    Thanks anyway.

  9. #8
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Backdoor Agent B

    > It was still not visible in Windows Explorer.

    Maybe Windows Explorer has been tampered with? Crafty malware infects the file system in such a manner that you are prevented from finding it. It's fortunate that the AV software was able to see it.

  10. #9
    Gold Lounger
    Join Date
    Feb 2001
    Location
    Sint Niklaas, Belgium
    Posts
    2,778
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Backdoor Agent B

    Do you mean that explorer.exe can be changed?
    Do I need to do a repair or reinstall Windows XP?

  11. #10
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 16 Times in 16 Posts

    Re: Backdoor Agent B

    If malware makes itself invisible, it is probably done in the file system. But you might check the date of C:\Windows\Explorer.exe (29 August 2002 for Windows XP SP-1), or run sfc /scannow from Start | Run... to perform a system file check. Have your Windows XP CD-ROM available.

  12. #11
    Gold Lounger
    Join Date
    Feb 2001
    Location
    Sint Niklaas, Belgium
    Posts
    2,778
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Backdoor Agent B

    Ok, I'll check it next time I go to the customer.
    Thanks.

  13. #12
    Silver Lounger Duchess843's Avatar
    Join Date
    Apr 2002
    Location
    Sicklerville, NJ
    Posts
    2,488
    Thanks
    36
    Thanked 0 Times in 0 Posts

    Re: Backdoor Agent B

    Hans, my version for Windows Explorer using Windows XP differs from yours. My version is 6.0 and dated: May 11, 2003. Perhaps you need to get the update.

  14. #13
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 16 Times in 16 Posts

    Re: Backdoor Agent B

    There must be different versions around. The version I reported earlier was for XP Pro SP-1 at work; on my home computer with XP Home SP-1, Explorer.exe is from May 29, 2003. In both cases, they are fully updated with all officially released updates.

  15. #14
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    20,374
    Thanks
    1
    Thanked 595 Times in 532 Posts

    Re: Backdoor Agent B

    My version at home with XP Pro (fully updated) is 6.0.2800.1221 dated May 11, 2003.

    Joe
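
The posts above compare Explorer.exe by date and version number. As an added example that is not part of the original thread, this PowerShell function collects the file version, timestamp, SHA-256 hash and Authenticode signature status for a system file in one record, so two machines can be compared on more than the date. The function name and the `NeedsReview` field are assumptions for illustration; it assumes Windows PowerShell 4.0 or later for `Get-FileHash`.

```powershell
# Added example, not from the thread: gather integrity evidence for system files.
function Get-SystemFileEvidence {
    param(
        # Defaults to the file discussed in the thread
        [string[]] $Path = @((Join-Path $env:windir 'explorer.exe'))
    )
    foreach ($p in $Path) {
        # -Force so hidden or system attributes do not hide the file from the query
        $item = Get-Item -LiteralPath $p -Force -ErrorAction Stop
        $sig  = Get-AuthenticodeSignature -LiteralPath $p
        [pscustomobject]@{
            Path          = $item.FullName
            FileVersion   = $item.VersionInfo.FileVersion
            LastWriteTime = $item.LastWriteTime
            SHA256        = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
            SigStatus     = $sig.Status
            Signer        = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            # Anything other than a valid signature is a prompt to look further, not a verdict
            NeedsReview   = ($sig.Status -ne 'Valid')
        }
    }
}

Get-SystemFileEvidence | Format-List
```

A record with `NeedsReview` set is a reason to follow up with the system file check suggested in post #10 (`sfc /scannow`).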
