D3DHA.DLL backdoor virus, no info and can't be removed! HELP!

HKSturboKID

Golden Member
Oct 20, 2000
Every time I turn on the PC and log in, Norton Protect pops up with the D3DHA.DLL virus and can't clean it because it's in use. The file is located at c:\windows\system32. I've tried to boot into Safe Mode and delete the file, and it's not there. The file only shows up when I boot into Windows XP in normal mode. I checked my startup and nothing is in there, and there is nothing scheduled to run in the Run keys in the registry. Can anyone help me fix this or remove the DLL? I've tried Google and Yahoo and they come up with nothing.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
Antivirus software should not be asking you what to do with stuff; it should be set up to do its thing autonomously. Try having it silently delete all infected stuff without coming to ask you first. Make sure all detection options are maxed (heuristics, compressed files, scan all files without exceptions, etc.). Also disable System Restore and bail all the SR files: how to do that

If that isn't getting you anywhere, try putting the hard drive into a second computer that has current antivirus software, and do a scan from there. Or try the free antivirus scanners in my signature too. You can boot into Safe Mode With Networking to run the online scanners.

Bigger picture: this didn't just fall from the sky ;) Figure out where you have vulnerabilities and eliminate them. Microsoft Baseline Security Analyzer 1.2 might help with the Windows side of things, since it'll find blank/weak passwords that let share-hopping worms into your ADMIN$ share. Links to MBSA 1.2 and more: Resources

edit: link fixed now?
 

HKSturboKID

Golden Member
Oct 20, 2000
Thanks for the info mechBgon.

After booting into Safe Mode and running the online scan on my 160 GB drive, it picked up nothing.

The problem that I have is the file D3DHA.DLL is in the system32 directory only if I boot up normally. If I boot up in Safe Mode, the file is not there. I've tried to do a search and it's nowhere to be found. When I boot up normally, the file is a hidden system file which needs to be unhidden, and then it's in use.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
Ok, let's play a game with your pet virus :D Boot in Safe Mode, go to the system32 directory, right-click in some blank space, and create a new text document. Now rename it D3DHA.DLL, right-click it, choose Properties > Security, uncheck the box that allows inheritable permissions to propagate down onto the file, and remove all permissions to the file, period. No permissions for Administrator, for System, for anyone.

:evil:

This is what I call the "scorched-earth" approach. Now when your virus tries to make its D3DHA.DLL file, it can't, because there's one there already and it can't do anything to it. Or so we hope. LMK what happens, I'm curious to hear.
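The same placeholder-file trick, scripted, as an added example rather than anything posted in the thread. It assumes an elevated PowerShell prompt (Safe Mode, as described above) and uses the file name from the thread; the only thing it does is create an inert zero-byte file under that name and strip every access entry from its DACL so nothing can replace it without first changing the permissions.

```powershell
# Added example (not from the thread): create an inert placeholder and give it an empty DACL.
# Run from an elevated PowerShell prompt, ideally in Safe Mode as described above.
$Path = 'C:\Windows\System32\D3DHA.DLL'   # file name from the thread; adjust if yours differs

if (-not (Test-Path -LiteralPath $Path)) {
    # Zero-byte stand-in. It is not a DLL, just a name-squatter.
    New-Item -ItemType File -Path $Path | Out-Null
}

$acl = Get-Acl -LiteralPath $Path

# Stop permissions inherited from the System32 folder from applying to this file.
# $false = do not convert the inherited entries into explicit ones; we want the DACL empty.
$acl.SetAccessRuleProtection($true, $false)

# Remove any explicit entries that remain (a freshly created file normally has none).
foreach ($rule in @($acl.Access)) {
    if (-not $rule.IsInherited) {
        $acl.RemoveAccessRule($rule) | Out-Null
    }
}

Set-Acl -LiteralPath $Path -AclObject $acl

# Verify: with an empty DACL this should print no access entries at all.
(Get-Acl -LiteralPath $Path).Access | Format-Table IdentityReference, FileSystemRights, AccessControlType
```

The owner of the file (the account that created it) can still open the Security tab and hand permissions back if you ever need to undo this.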
 

HKSturboKID

Golden Member
Oct 20, 2000
Hey mechBgon,

Thanks for the idea. Right now I just got home. It's actually my bro's PC. I'll probably stop by tomorrow to give it a try and let you know how it works out. Thanks again.
 

ScrapSilicon

Lifer
Apr 14, 2001
Originally posted by: HKSturboKID
Hey mechBgon,

Thanks for the idea. Right now I just got home. It's actually my bro's PC. I'll probably stop by tomorrow to give it a try and let you know how it works out. Thanks again.

<--wonders if a certain HP 3300 is still running..
 

HKSturboKID

Golden Member
Oct 20, 2000
<--wonders if a certain HP 3300 is still running..

Nope... no HP scanner or printers. He is using an Epson 875 photo printer.