NationStates Jolt Archive


Help Austar Union Fix His Computer!

Austar Union
26-07-2005, 13:50
I have been trying time and time again, so I decided that since NationStates is the capital for nerds, why don't I ask you fellas! Maybe you can help me, maybe not - but see if you can fix this problem.

For a short time now, it seems that my computer has gained the fondness of going into a state of 'blue screen', whereby it displays the following particular message.


Check to make sure you have adequate disk space.... yada yada yada.

*** STOP: 0x0000008E (0xc0000005, 0x005D0031, 0xefcd5a98, 0x00000000)
vdmt16.sys on Address FC7EC465, Base at Fcec00, Datestamp 423bffb1

Anyone know what the heck to do?
Austar Union
26-07-2005, 14:03
Bump, for the more intelligent people.
Jeruselem
26-07-2005, 14:11
You have a trojan horse called Troj/Haxdoor.

http://www.sophos.com/virusinfo/analyses/trojhaxdooraf.html
http://support.microsoft.com/?scid=kb;en-us;903251

Update your virus scanner to get rid of it. This is a nasty one.
Tekania
26-07-2005, 14:18
I have been trying time and time again, so I decided that since NationStates is the capital for nerds, why don't I ask you fellas! Maybe you can help me, maybe not - but see if you can fix this problem.

For a short time now, it seems that my computer has gained the fondness of going into a state of 'blue screen', whereby it displays the following particular message.



Anyone know what the heck to do?

vdmt16.sys is a device driver/system process added by the Troj/Haxdoor-AF TROJAN... It's Malware, and undesirable; and you should get rid of it.

First, use regedit or regedt32 to delete the following registry keys:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdnt32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VFILT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\memlow

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdnt32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VFILT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\memlow

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ENUM\ROOT\LEGACY_VDMT16
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ENUM\ROOT\LEGACY_VDNT32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ENUM\ROOT\LEGACY_WINLOW
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ENUM\ROOT\LEGACY_MEMLOW


Second, delete any entry of "Mszx23.exe" under the following subkeys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

Last, make sure your virus scanner's defs are up to date.
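
Added example, not part of the original thread or any poster's message: a read-only PowerShell check for the registry locations listed in the post above. It deletes nothing and only reports which of the listed keys and "Mszx23.exe" autorun values exist. The function name Find-ListedIndicator and the extra Enum\Root lookup are assumptions added here.

```powershell
# Added example: read-only audit of the registry locations named in the thread.
# Find-ListedIndicator is a hypothetical helper name; nothing is modified.
# Run from an elevated prompt so the HKLM\SYSTEM keys are readable.
function Find-ListedIndicator {
    $services = 'vdmt16', 'vdnt32', 'VFILT', 'winlow', 'memlow'
    $legacy   = 'LEGACY_VDMT16', 'LEGACY_VDNT32', 'LEGACY_WINLOW', 'LEGACY_MEMLOW'
    $runKeys  = foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($leaf in 'Run', 'RunServices') {
            "$hive\Software\Microsoft\Windows\CurrentVersion\$leaf"
        }
    }

    # Service keys under both control sets listed in the post.
    foreach ($set in 'CurrentControlSet', 'ControlSet001') {
        foreach ($name in $services) {
            $path = "HKLM:\SYSTEM\$set\Services\$name"
            if (Test-Path -LiteralPath $path) {
                $image = (Get-ItemProperty -LiteralPath $path).ImagePath
                [pscustomobject]@{ Kind = 'ServiceKey'; Path = $path; Detail = $image }
            }
        }
    }

    # 'Services\ENUM\ROOT' is the path as written in the post; 'Enum\Root' is
    # where Windows keeps LEGACY_ device entries (second path added here).
    foreach ($base in 'Services\ENUM\ROOT', 'Enum\Root') {
        foreach ($name in $legacy) {
            $path = "HKLM:\SYSTEM\CurrentControlSet\$base\$name"
            if (Test-Path -LiteralPath $path) {
                [pscustomobject]@{ Kind = 'LegacyKey'; Path = $path; Detail = $null }
            }
        }
    }

    # Autorun values whose name or data mentions Mszx23.exe (case-insensitive).
    foreach ($runKey in $runKeys) {
        $key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
        if ($null -eq $key) { continue }   # RunServices is often absent
        foreach ($valueName in $key.GetValueNames()) {
            $data = [string]$key.GetValue($valueName)
            if ("$valueName $data" -like '*Mszx23.exe*') {
                [pscustomobject]@{ Kind = 'RunValue'; Path = "$runKey\$valueName"; Detail = $data }
            }
        }
    }
}

$hits = @(Find-ListedIndicator)
if ($hits.Count -eq 0) { 'None of the listed keys or values are present.' }
else { $hits | Format-List Kind, Path, Detail }
```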